
Norton360 Adpeak and Scorpion infection [Closed]


  • This topic is locked
9 replies to this topic

#1 BnTheMan

Authentic Member, 100 posts

Posted 01 February 2014 - 03:36 PM

So I woke up this morning, and when I went to my computer, I found out that there were threats found after Norton360 did its overnight full scan that I do monthly. I went to look at the details, and the files were related to adpeak and scorpion. At first, I did not like that Norton360's decision was to just fix them, but when I went to change it, thinking I could set it to remove, my only option was to fix it or exclude. I certainly did not want to exclude it, so I kept it as fix. Then all of a sudden Norton said the infection was resolved, without me choosing the apply button? I then said to myself that this does not sound good, so I wanted to try doing a scan with mbam, but not just the file, the whole entire folder of Malwarebytes is missing? I certainly did not uninstall Malwarebytes, and I know I had it installed because I was just here a few months ago reporting an infection that MBAM found but Norton didn't. I hear that there is a really nasty Trojan called Trojan.MBAM, which deletes mbam, but not the whole entire folder. Is there something going on? Could someone please help me out? Here is my OTL:

 

OTL logfile created on: 2/1/2014 3:58:22 PM - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\BigPapa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.74% Memory free
11.25 Gb Paging File | 8.71 Gb Available in Paging File | 77.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 810.84 Gb Free Space | 88.21% Space Free | Partition Type: NTFS

Computer Name: BIGPAPA-PC | User Name: BigPapa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\BigPapa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\Connectifyd.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\65fa27da96ef57affcac61ac16c111e0\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\39a794f979946d714d5d38dc52d9dfc5\SmartAudio.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\17714b087b2b485c916b1b8ce31c3bb5\Interop.CxHDAudioAPILib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\Connectify\Scannify.dll ()
MOD - C:\Program Files (x86)\Connectify\DriverLib.dll ()
MOD - C:\Program Files (x86)\Connectify\BuildProps.dll ()
MOD - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AdpeakProxy) -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe File not found
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HoudiniServer) -- C:\WINDOWS\SysNative\hserver.exe (Side Effects Software Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (easytether) -- C:\WINDOWS\SysNative\drivers\easytthr.sys (Mobile Stream)
DRV:64bit: - (SymIRON) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\WINDOWS\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cnnctfy2) -- C:\WINDOWS\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\WINDOWS\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RMCAST) -- C:\WINDOWS\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (athr) -- C:\WINDOWS\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (androidusb) -- C:\WINDOWS\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140131.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140131.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140131.002\eng64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =

IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\SearchScopes,DefaultScope = {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\SearchScopes\{E3F15D58-092E-47B8-AC12-4F1195C84251}: "URL" = http://www.google.co...1I7NDKB_enUS524
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.lycos.com"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\BigPapa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2014/01/22 11:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF [2013/10/09 14:00:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/07 19:14:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigPapa\AppData\Roaming\Mozilla\Extensions
[2013/12/03 22:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigPapa\AppData\Roaming\Mozilla\Firefox\Profiles\hvscwft2.default\extensions
[2013/12/03 22:10:40 | 000,778,022 | ---- | M] () (No name found) -- C:\Users\BigPapa\AppData\Roaming\Mozilla\Firefox\Profiles\hvscwft2.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/11/17 17:06:07 | 000,002,531 | ---- | M] () -- C:\Users\BigPapa\AppData\Roaming\Mozilla\Firefox\Profiles\hvscwft2.default\searchplugins\safesearch.xml
[2013/12/18 22:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/18 22:26:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/22 11:59:47 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\COFFPLGN
[2013/10/09 14:00:21 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFF

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Selection Links = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmljcahgmhdlnhmnjiaakhkbbiapjkb\4.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: GreatArcadeHits Add-on = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: Gmail = C:\Users\BigPapa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/18 19:12:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_152_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\BigPapa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\WINDOWS\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\WINDOWS\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\WINDOWS\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\WINDOWS\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\WINDOWS\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\WINDOWS\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1653179536-2399911319-13676569-1000\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{289AE411-EA0B-4258-AD5D-F126A0456B52}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\BigPapa\Desktop\otl logs
[2014/01/27 19:41:12 | 000,021,704 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2014/01/27 19:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2014/01/14 18:17:36 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/14 18:17:36 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 18:17:22 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/09 15:49:24 | 000,000,000 | ---D | C] -- C:\Users\BigPapa\Documents\Work for Mom

========== Files - Modified Within 30 Days ==========

[2014/02/01 15:29:51 | 000,000,132 | ---- | M] () -- C:\Users\BigPapa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/02/01 15:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/01 15:09:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BigPapa\Desktop\OTL.exe
[2014/01/27 19:52:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 19:52:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 19:43:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2014/01/22 11:56:20 | 3152,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 13:09:53 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/20 13:09:53 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/20 13:09:53 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/20 13:07:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2014/01/15 03:26:30 | 004,953,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/13 21:23:55 | 000,000,132 | ---- | M] () -- C:\Users\BigPapa\AppData\Roaming\Adobe Targa Format CS5 Prefs

========== Files Created - No Company Name ==========

[2014/01/27 19:43:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2014/01/27 19:42:20 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
[2014/01/20 13:07:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/12/13 15:41:08 | 000,000,132 | ---- | C] () -- C:\Users\BigPapa\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/11/17 01:39:22 | 000,002,347 | ---- | C] () -- C:\Users\BigPapa\AppData\Local\recently-used.xbel
[2013/11/16 17:36:25 | 000,061,645 | ---- | C] () -- C:\Users\BigPapa\temp__005_autosave.map
[2013/11/16 17:36:25 | 000,003,753 | ---- | C] () -- C:\Users\BigPapa\temp__005_autosave.darkradiant
[2013/11/16 17:31:24 | 000,061,744 | ---- | C] () -- C:\Users\BigPapa\temp__005.map
[2013/11/16 17:31:24 | 000,061,744 | ---- | C] () -- C:\Users\BigPapa\temp__005.bak
[2013/11/16 17:31:24 | 000,003,753 | ---- | C] () -- C:\Users\BigPapa\temp__005.darkradiant.bak
[2013/11/16 17:31:24 | 000,003,753 | ---- | C] () -- C:\Users\BigPapa\temp__005.darkradiant
[2013/11/16 15:33:53 | 000,061,201 | ---- | C] () -- C:\Users\BigPapa\temp__040_autosave.map
[2013/11/16 15:33:53 | 000,003,753 | ---- | C] () -- C:\Users\BigPapa\temp__040_autosave.darkradiant
[2013/11/16 15:28:53 | 000,045,762 | ---- | C] () -- C:\Users\BigPapa\temp__040.map
[2013/11/16 15:28:53 | 000,003,202 | ---- | C] () -- C:\Users\BigPapa\temp__040.darkradiant
[2013/11/16 13:03:55 | 000,044,644 | ---- | C] () -- C:\Users\BigPapa\temp__003_autosave.map
[2013/11/16 13:03:55 | 000,003,132 | ---- | C] () -- C:\Users\BigPapa\temp__003_autosave.darkradiant
[2013/11/16 12:48:55 | 000,028,705 | ---- | C] () -- C:\Users\BigPapa\temp__003.map
[2013/11/16 12:48:55 | 000,002,012 | ---- | C] () -- C:\Users\BigPapa\temp__003.darkradiant
[2013/11/16 12:28:20 | 000,028,608 | ---- | C] () -- C:\Users\BigPapa\temp__002_autosave.map
[2013/11/16 12:28:20 | 000,002,012 | ---- | C] () -- C:\Users\BigPapa\temp__002_autosave.darkradiant
[2013/11/16 11:53:45 | 000,025,624 | ---- | C] () -- C:\Users\BigPapa\temp__002.map
[2013/11/16 11:53:45 | 000,001,732 | ---- | C] () -- C:\Users\BigPapa\temp__002.darkradiant
[2013/11/15 20:12:22 | 000,029,882 | ---- | C] () -- C:\Users\BigPapa\temp_autosave.map
[2013/11/15 20:12:22 | 000,002,012 | ---- | C] () -- C:\Users\BigPapa\temp_autosave.darkradiant
[2013/11/14 20:32:23 | 000,022,423 | ---- | C] () -- C:\Users\BigPapa\temp.map
[2013/11/14 20:32:23 | 000,021,554 | ---- | C] () -- C:\Users\BigPapa\temp.bak
[2013/11/14 20:32:23 | 000,001,416 | ---- | C] () -- C:\Users\BigPapa\temp.darkradiant.bak
[2013/11/14 20:32:23 | 000,001,416 | ---- | C] () -- C:\Users\BigPapa\temp.darkradiant
[2013/06/25 22:35:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013/06/25 22:33:50 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013/06/25 22:33:50 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013/06/02 23:24:47 | 000,867,301 | ---- | C] () -- C:\Users\BigPapa\AppData\Local\census.cache
[2013/06/02 23:24:09 | 000,121,341 | ---- | C] () -- C:\Users\BigPapa\AppData\Local\ars.cache
[2013/06/02 22:11:39 | 000,000,036 | ---- | C] () -- C:\Users\BigPapa\AppData\Local\housecall.guid.cache
[2013/04/21 14:02:15 | 000,000,258 | RHS- | C] () -- C:\Users\BigPapa\ntuser.pol
[2013/02/09 19:00:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/09 19:00:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/09 19:00:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/09 19:00:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/09 19:00:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/08/08 22:31:23 | 000,001,456 | ---- | C] () -- C:\Users\BigPapa\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/15 23:01:04 | 000,000,132 | ---- | C] () -- C:\Users\BigPapa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/03 17:48:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/04/19 00:58:28 | 000,000,132 | ---- | C] () -- C:\Users\BigPapa\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/02/14 17:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 17:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/19 16:21:40 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Audacity
[2012/03/02 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Autodesk
[2012/10/20 10:20:25 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Blender Foundation
[2012/04/14 13:42:27 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/12/07 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2013/11/16 12:22:55 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\DarkRadiant
[2012/04/12 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Fingertapps
[2012/11/04 05:22:39 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\gtk-2.0
[2013/02/08 05:46:22 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\JOSM
[2012/08/26 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\KompoZer
[2013/11/29 19:22:47 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\kompozer.net
[2012/02/25 20:40:29 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Leadertech
[2012/11/05 09:34:47 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\MonoDevelop-Unity
[2013/10/03 14:22:10 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Notepad++
[2012/04/18 03:31:03 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\PACE Anti-Piracy
[2012/05/18 10:00:29 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/28 18:59:08 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Tific
[2012/10/05 11:06:47 | 000,000,000 | ---D | M] -- C:\Users\BigPapa\AppData\Roaming\Unity
[2012/08/25 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Fingertapps
[2012/08/25 10:01:57 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Leadertech

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

<  %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML  >
[2010/11/21 02:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE  >

< MD5 for: EXPLORER.EXE.3260.DMP  >
[2014/01/21 08:25:46 | 004,065,948 | ---- | M] () MD5=E207D505100CA029037A3118064711C8 -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\explorer.exe.3260.dmp
[2014/01/21 08:25:46 | 004,065,948 | ---- | M] () MD5=E207D505100CA029037A3118064711C8 -- C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\explorer.exe.3260.dmp

< MD5 for: EXPLORER.EXE.7264.DMP  >
[2013/11/03 22:39:09 | 003,972,101 | ---- | M] () MD5=F80263EF6254F0AFB18B1000E387DE98 -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\explorer.exe.7264.dmp
[2013/11/03 22:39:09 | 003,972,101 | ---- | M] () MD5=F80263EF6254F0AFB18B1000E387DE98 -- C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps\explorer.exe.7264.dmp

< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/21 02:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\WINDOWS\en-US\explorer.exe.mui
[2010/11/21 02:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 02:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\WINDOWS\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 02:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2014/02/01 15:46:44 | 000,030,094 | ---- | M] () MD5=2F9F6EDCC3917A523B9AC30F581DF20F -- C:\WINDOWS\Prefetch\EXPLORER.EXE-D5E97654.pf

< MD5 for: IEXPLORE.BAT  >
[2013/01/04 15:58:30 | 000,031,067 | ---- | M] () MD5=709A62B22C7BA09D875F765341E0FFFC -- C:\JRT\iexplore.bat

< MD5 for: IEXPLORE.EXE  >

< MD5 for: IEXPLORE.EXE.MUI  >
[2011/06/21 15:17:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/06/21 15:17:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/04/30 02:10:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/04/30 02:10:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
< End of report >



#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 02 February 2014 - 04:49 AM

:welcome:

Hello BnTheMan,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

3. Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#3 BnTheMan

BnTheMan

    Authentic Member

  • Authentic Member
  • 100 posts

Posted 02 February 2014 - 08:37 AM

Hi Jo. I have the log that was created using SecurityCheck, but before I continue with Malwarebytes Anti-Rootkit, I need to ask a question. Since you are recommending that I back up my data, the type of media I would like to use is an external hard drive. The hard drive came from an older computer that I think might have been infected. Without possibly transferring some sort of infection that the hard drive may have, is there a method that I can use that allows me to scan the drive before using it? If I cannot scan the drive, then is there a way to at least back up the documents from that hard drive prior to formatting it? Other than that, I do not have any media to back up my data on, in which case I would need to get back to you within a couple of days before I could get some DVDs.



#4 BnTheMan

BnTheMan

    Authentic Member

  • Authentic Member
  • 100 posts

Posted 02 February 2014 - 08:37 AM

Silly me, I forgot to post my SecurityCheck log....

Results of screen317's Security Check version 0.99.79 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Norton 360   
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.9.900.152 
Adobe Reader XI 
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent```````` 
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````



#5 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 02 February 2014 - 09:00 AM

Hello BnTheMan,

You can only scan an external hard drive if it is connected to a PC.
Then scan it with your Norton and post the log here.

Or use a USB stick for the backup.

Your Norton360 should allow you to use Online Backup too.

Don't forget to back up your Norton Identity Safe logins, if they are in a local vault.
Graduate of the WTT Classroom
Cheers,
Jo

#6 BnTheMan

BnTheMan

    Authentic Member

  • Authentic Member
  • 100 posts

Posted 03 February 2014 - 07:49 AM

Jo, I think you are missing my point. If I am correct, I thought I heard a while ago that when plugging an infected USB media device into a PC, it is possible that it can transfer the infection to the PC as soon as you plug it in. Am I correct on this? If so, what precautions can I use to prevent this if I wanted to use this external device to back up my files? Or is it that this cannot be prevented, and I should use a USB stick? Also, I am unable to reach Norton backup, though it is not relevant to explain why.



#7 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 03 February 2014 - 08:40 AM

Hi BnTheMan,

We can do one of two things:

1. Wait until you have DVDs for a backup

2. Disable Autorun for all media and devices
What Do You Do With an Infected CD, DVD, or Flash Drive?

Windows 7 and Vista users have it easier. Click Start, type autoplay, and press ENTER.
Uncheck Use AutoPlay for all media and devices.
Now you can safely insert the suspect media. But don't open or move any files on it just yet. Instead, scan the disc or drive with every antivirus and malware scanner you've got. You want to determine whether the files you need are infected, and if so, if they can be cleaned.


Graduate of the WTT Classroom
Cheers,
Jo
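
The AutoPlay step in the post above can be verified before the suspect drive is attached. The following PowerShell is an added example, not part of Jo's post or of any tool named in this thread: it reads the per-user AutoPlay setting that the Control Panel checkbox writes, reads the machine-wide `NoDriveTypeAutoRun` policy, and, once the drive is attached, shows what its `autorun.inf` would have launched. The drive letter `E:` and the `-Harden` switch are assumptions of the example.

```powershell
# Added example: audit AutoPlay/AutoRun before attaching a suspect drive.
# Read-only unless -Harden is given. Written to run on Windows 7 (PowerShell 2.0).
param(
    [switch]$Harden,        # also write the machine-wide policy (needs an elevated prompt)
    [string]$SuspectDrive   # placeholder such as 'E:'; pass only after the drive is attached
)

# Per-user value behind "Use AutoPlay for all media and devices" (1 = unchecked).
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
# Machine-wide policy; a bitmask of drive types, 0xFF = AutoRun off for every type.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-AutoPlayState {
    $userOff = Get-RegValue $userKey   'DisableAutoplay'
    $policy  = Get-RegValue $policyKey 'NoDriveTypeAutoRun'
    New-Object PSObject -Property @{
        UserAutoPlayDisabled = ($userOff -eq 1)
        PolicyValue          = $policy
        PolicyCoversAllTypes = ($policy -ne $null -and ($policy -band 0xFF) -eq 0xFF)
    }
}

if ($Harden) {
    # The policy applies to every account on the machine, including the other
    # user profiles, which the per-user checkbox does not cover.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF `
        -PropertyType DWord -Force | Out-Null
}

$state = Get-AutoPlayState
$state | Format-List UserAutoPlayDisabled, PolicyValue, PolicyCoversAllTypes

if (-not ($state.UserAutoPlayDisabled -or $state.PolicyCoversAllTypes)) {
    Write-Warning 'AutoPlay is still active for this account. Do not attach the drive yet.'
    return
}

if ($SuspectDrive) {
    # Read autorun.inf as plain text only; nothing on the drive is opened or run.
    $inf = "$($SuspectDrive.TrimEnd('\'))\autorun.inf"
    if (Test-Path -LiteralPath $inf) {
        Write-Warning "$inf exists. Entries that would have launched something:"
        Get-Content -LiteralPath $inf |
            Select-String -Pattern '^\s*(open|shellexecute|shell\\.+\\command)\s*='
    } else {
        Write-Output "No autorun.inf at the root of $SuspectDrive"
    }
}
```

A clean result here only confirms that nothing starts automatically; the drive still needs the full antivirus scan described in the post before any file on it is opened or copied.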

#8 BnTheMan

BnTheMan

    Authentic Member

  • Authentic Member
  • 100 posts

Posted 04 February 2014 - 12:51 PM

Okay, sorry for the delay. I just finished converting an internal hard drive to an external hard drive case. So, hopefully everything works out and I can scan the drive. I should have an answer by tonight.

#9 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 06 February 2014 - 03:35 PM

Still need help?


Graduate of the WTT Classroom
Cheers,
Jo

#10 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 08 February 2014 - 05:57 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Graduate of the WTT Classroom
Cheers,
Jo
