
Mysearchdial issue [Solved]

Plus clean me thoroughly

17 replies to this topic

#1 h1gg1

Posted 02 March 2014 - 10:24 AM

OTL texts.

 

OTL logfile created on: 3/2/2014 3:43:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\steve\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.87 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 49.46% Memory free
5.74 Gb Paging File | 3.92 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.81 Gb Total Space | 71.50 Gb Free Space | 48.04% Space Free | Partition Type: NTFS
Drive D: | 148.88 Gb Total Space | 141.97 Gb Free Space | 95.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 465.76 Gb Total Space | 282.89 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
 
Computer Name: STEVE-TOSH | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\steve\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\FindRight\FindRight.FirstRun.exe ()
PRC - C:\Program Files (x86)\FindRight\updateFindRight.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_ssl.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._controls_.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._windows_.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._gdi_.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_hashlib.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\unicodedata.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_elementtree.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\pyexpat.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32file.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\PyWinTypes27.dll ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32security.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32api.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_ctypes.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._html2.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_socket.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32inet.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32process.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\_multiprocessing.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32pdh.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32pipe.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32event.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32profile.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\select.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._core_.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._misc_.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\pysqlite2._sqlite.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\pythoncom27.dll ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32com.shell.shell.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\wx._wizard.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32ts.pyd ()
MOD - C:\Users\steve\AppData\Local\Temp\_MEI28842\win32crypt.pyd ()
MOD - C:\Program Files (x86)\FindRight\FindRight.FirstRun.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\steve\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\steve\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (Update FindRight) -- C:\Program Files (x86)\FindRight\updateFindRight.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1085628055&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1085628055&ir=
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{C0D9125E-BCDF-42F0-869F-111CFC952579}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{A0245DA5-0C8E-444A-8D62-548C05CD5ED9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mozilla%20firefox/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.startup.homepage: "http://start.mysearc...1085628055&ir="
FF - prefs.js..extensions.enabledAddons: 008abed2-b43a-46c9-9a5b-a771c87b82da%401ad61d53-2bdc-4484-a26b-b888ecae1906.com:0.93.32
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3
FF - prefs.js..extensions.enabledAddons: %7B42e50651-9669-456e-9081-d5a836274274%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/11/11 12:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Extensions
[2014/03/02 15:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions
[2014/03/02 15:00:37 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/02/09 08:30:02 | 000,000,000 | ---D | M] ("weDownload Manager Pro") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
[2014/03/02 15:00:38 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com
[2014/02/26 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData
[2014/02/26 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins
[2014/02/26 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode
[2014/02/08 23:49:24 | 000,207,637 | ---- | M] () (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\firefox@org.audiotube.xpi
[2014/02/26 05:19:14 | 000,008,049 | ---- | M] () (No name found) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2014/03/02 15:00:41 | 000,002,401 | ---- | M] () -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\searchplugins\Mysearchdial.xml
[2014/02/14 16:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 16:38:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: {_signature:TeaYB5se+TN/l59kOB2JGz4Lq02YLbnzREEw9XAQ3+E=,_version:4,extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,eemcgdkfndhakfknompkggombfjjjeno,mfehgcgbbipciphmccgaenjidiccnmng,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:http://www.google.co...earch_provider:
blbgdaieah:{blacklist:true},gkjeccpmibljcfpfapfljciimedljpnm:{blacklist:true},gkjmgdpdndoaiholejnmdbbpdaafahmm:{blacklist:true},glhhlafadlhkgbklgbjnmblfhnkfknbm:{blacklist:true},gmghjgfdialcnhadahmjefeflgnhcjeb:{blacklist:true},gnapdhmknipknfmhhnhdmhakdfhgeing:{blacklist:true},gncfgndgeoddelbfhlndhljnecoednaa:{blacklist:true},gngmkbiihflpghldjnbpemaicedhdddk:{blacklist:true},gobjcjhhebpjbmjdgmejhebbleadnceo:{blacklist:true},goedioiidkokkbobdnopnlnaaalniegm:{blacklist:true},gpgehbjbkfhngdlfpfeokjgbkmmokjhe:{blacklist:true},gplgjmecjpbfcdikpbicknafcnfcidek:{blacklist:true},hbaajkahagmlkdekmbdabikbopdgpaac:{blacklist:true},hbdhabpmbbanaopgkbaondabkkepjfaf:{blacklist:true},hbmlheccjkodhfejcmblndjodllmnlnl:{blacklist:true},hcapokajkngndbglnfglpfdpoeidmpha:{blacklist:true},hcpndbchnlgojmnijaldkicigmihmdca:{blacklist:true},hdijkiondgomjpehfhopomicjbiodmcm:{blacklist:true},hdnbmmfjbblajkjkcaeofolgfnljpnim:{blacklist:true},hecijapnccjhonbmacmkmffooodfokoo:{blacklist:true},hefmoncdemhjembgbnkgglhlookbipdc:{blacklist:true},hfcgbiofoebieldldghfocjfnnajmpej:{blacklist:true},hfjpjodbolkmheaehcnmfhjakjileoof:{blacklist:true},hfpfbhnmbbigpmoodjemilggabklpopj:{blacklist:true},hgbaomphocgmdpmiohjclchaaljpaelp:{blacklist:true},hgboiaecclcbjphldpbgfgggcbihmnai:{blacklist:true},hgjgaeknhmidehalnmokomhpfhbfmpcm:{blacklist:true},hhbihfbjoifhhebcnchglobmkmapgjkm:{blacklist:true},hhfffemhgkginfafaoapljdllodppana:{blacklist:true},hhfiljkpjapjjphcocclhhaldpfkkjbi:{blacklist:true},hhjmkijkgojfifipdgmiemghfikbohcm:{blacklist:true},hhlgbfcfbkhlmajakkcjippgpcmejkko:{blacklist:true},hilncbjbdpnfepdidfchmdclhpnlegpj:{blacklist:true},hjkhligcnpfjhjlapmejaiaiigibofif:{blacklist:true},hjnigaibahdeadcdnpnommdehajodlhc:{blacklist:true},hkbgccpdcpbdckohbknjlamamelcnlki:{blacklist:true},hkjcejgfmaanpncnpoidgbhoikcaeepd:{blacklist:true},hkjfdgjkgpbbdmadbglcgljjjddkcdha:{blacklist:true},hmmoglffhpmacaacfbbmbbkcbdkjphnc:{blacklist:true},hnbcdmfeoldeppcbnnjmjkdofohaljbn:{blacklist:true},hncomkjbbkchfjelocejkb
bflmjhlhfp:{blacklist:true},hnipgljcblpgnnojcfldehpeknhakbgj:{blacklist:true},hnkcpoijaeegompjgbjjhkdmljldaccg:{blacklist:true},hnnebfeppcbhhbhiifeaajgcjnkljlld:{blacklist:true},hnonhhpgjnjcjfbkjdpfbkfpaodcmncb:{blacklist:true},hpcdoodjfcmpcpkeendjnjkeinimhkih:{blacklist:true},hpibmhghjndideebpackbdlpncgkcppp:{blacklist:true},iablioliielnhdianpbiijaoncbmfend:{blacklist:true},iccblehkchfmjgfafjcpjlkjcponhdhl:{blacklist:true},icihfeaofpcfehanhbnjigdlpfahjlee:{blacklist:true},idbdlnkdnaodonmgnimcfelpngbmcpjk:{blacklist:true},iedogbkombgmapifenoojnmpcnjighfm:{blacklist:true},iemfpgbdjfoihicbocpbjppipdbfimeh:{blacklist:true},ifbkndkaolfbjjhnnhfmkbkoclpdkpli:{blacklist:true},ifeijfpkjckedpclgncedmgdiaoeahmk:{blacklist:true},igaajdmlejbjcbmpmnigopikfdaccdcm:{blacklist:true},igbaoknfddliiaoimhehfbkfekpmmfll:{blacklist:true},igghanohiioehififjoalfkdoicafjof:{blacklist:true},iggjepemmdkieakihpomccndhdfcljdp:{blacklist:true},igkdgkdiiolilocklmiolkpoohacojop:{blacklist:true},ihnembcpodnfgkafmiojebccomjekopm:{blacklist:true},iiiinekimabooeihccihfopoadcaaphn:{blacklist:true},ijecjbcgpblkacpijljpaienknanaloa:{blacklist:true},ijenlpgidnapbndonoinbkhekgjonojg:{blacklist:true},ijjmbbddenkbenbcfldgghhjgjmcnioo:{blacklist:true},ilhjicgcglhjigdehkcehjdokmkahbjl:{blacklist:true},iljfgjkppapinhcgonhjnipfppfmfedh:{blacklist:true},ilmknaabackgdbnkgbihgpgiopnlkjek:{blacklist:true},imfbomjbodpfgfhfahlgkkcllmhbelhk:{blacklist:true},imkffpjpdngdkpgadcmnlkhhmhdocijn:{blacklist:true},indfhnliadamglhalanplbajgenpjdml:{blacklist:true},iobnpmeeecphddicmhhmdjbnlbdhjlne:{blacklist:true},iomejadoamfilglofmeaffghddcgapmf:{blacklist:true},jabpdgllijbnknhkgjideeajfofafckp:{blacklist:true},jaejgaoiipdjjlbnapngknalafalbkej:{blacklist:true},jafnimahlamccccjbkhjjpeiipiedpik:{blacklist:true},janhdpmhnighonkkbkdpnljcoenpfkbh:{blacklist:true},jbfebbkjjmkcoldeaeelhpconkmgjhbg:{blacklist:true},jbmbiepnidbnhbbfdbgioomdkgnbcacj:{blacklist:true},jbnafcjbcfgejacaanogofkkehcomamp:{blacklist:true},jcmipejepoimfflnoapdmk
dephgjinck:{blacklist:true},jddbdddmbfencninofcgnodekclofpaj:{blacklist:true},jdiakcmbpmcnniggjcmcjknnklpdlogc:{blacklist:true},jeehjhnmgohgpfpjneglogiholalkeip:{blacklist:true},jfalnphfjdoalcdhlnhdpekbmmopkgkj:{blacklist:true},jfhmafmjfdblceidmfdmoihamolaaeco:{blacklist:true},jfjagidcpadkoaonbogmbgfimmnefeie:{blacklist:true},jgdkappiifgomhgikcjbanhnmlekpeje:{blacklist:true},jgmpapdckakiohhebmeoemejibommimi:{blacklist:true},jgoljhcbgajhbhnchplgjdkknendhjnn:{blacklist:true},jhhabiomopkibeecgngiggmopkeofacl:{blacklist:true},jindbcpkhnnnjgcjgmkjedbibibiojjf:{blacklist:true},jiofcofpcbijcnlpekdkpmgjdppajbjb:{blacklist:true},jjnkfllhcgkgnfbekpnmoikpfihpjfli:{blacklist:true},jkihmglffmfjedfbpbpdbbimcodjbmdh:{blacklist:true},jkmhalpofmlfeglboejbchpoijnkmcgh:{blacklist:true},jljfnkmkkdkppfndippkedacgfkafped:{blacklist:true},jmbkhogpjgjpfjhpdikloblkbkljkgao:{blacklist:true},jmeanodbelbflfmnkfdjgpikmldgjjko:{blacklist:true},jmifipgdcllamghkhdplfjffkciekbgo:{blacklist:true},jpehgolpfgnknboibogccapmdcadjkbd:{blacklist:true},jpeijjbllejgmokmahkeommcodahoobm:{blacklist:true},jpgidahfcgiajlcbleeiaibpmmblcmnb:{blacklist:true},jpkdlckejfjidmplieobnhijmoiecbhl:{blacklist:true},kbipembkfhbdmkkkfbigmohilmknjnof:{blacklist:true},kcanfkmhccbaheheaackijegkclkaeic:{blacklist:true},kcfnnanmpghdnoompcfclakpacapnfbn:{blacklist:true},kcgplbmkmfcpngilmhjmebdgkkpbdemp:{blacklist:true},kdchmeaiapjkejkcbeclgjklemecieeg:{blacklist:true},kdcnnmifdmlmjffdgeieikcokcogpbej:{blacklist:true},kdfahjokahcbmecgaandpobmgiiknagf:{blacklist:true},kdjhalklkkcmodeicjiaekcgifkcepaf:{blacklist:true},kelcbonmemlciepjdmfcifnhloeammhj:{blacklist:true},kelljdoinjlkmkncffgadbebgpmlcang:{blacklist:true},kffhenjbibjnbnjhlkcdlmpeccpaohio:{blacklist:true},kgbkdabomfdpfoibliicpmibceaoohgh:{blacklist:true},kgdhnhadbnpeibkghaebmhmngobdafag:{blacklist:true},kgdkcodealpfjolmiagcogfbgmaamegh:{blacklist:true},kgdmldjagfciieddcnlhampgkajkpanc:{blacklist:true},kibgmcdcfmcglajcfbecilngejnfppjp:{blacklist:true},kiipngoehgkgkackngaidm
hmnchfbmio:{blacklist:true},kikjpgpbpnapbimplfcbcbakjacpgceb:{granted_permissions:{api:[tabs,cookies,notifications,contextMenus,webNavigation,webRequest,webRequestBlocking,unlimitedStorage,storage,proxy,webRequestInternal],explicit_host:[http://*/*,https://*...criptable_host:[http://*/*,https://*...ontent_scripts:[{all_frames:true,js:[js/lib/consts.js,js/lib/logging.js,js/lib/reports.js,js/lib/xhr.js,js/api/cookie.js,js/api/message.js,js/api/pageAction.js,js/lib/installer.js,js/lib/app_api.js],matches:[http://*/*,https://*/*],run_at:document_start}],content_security_policy:script-src 'self' 'unsafe-eval'; object-src 'self',description:Enhance your search results with direct download links and information for apps and games.,icons:{128:icons/icon128.png,16:icons/icon16.png,48:icons/icon48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu8GEww/SpmxxDWtUIoK+qf7gcvMs9g2pbGq356uPGhNudUe1FfwbhK89mzTMusLcZY/bgjcC5z/NV5019ehcBC9Ss8CfVUB1F/f9ElNm4r3DA6OMpIY0n3LLjeoRWK55QZR53N1sQKE5xWAZl1Hx4vrLnnvS0aTkg10BGFHGIJQIDAQAB,manifest_version:2,name:weDownload Manager Pro,page_action:{default_icon:icons/actions/1.png,default_title:weDownload Manager 
Pro},permissions:[http://*/*,https://*...ible_resources:[crossriderManifest.json]},path:kikjpgpbpnapbimplfcbcbakjacpgceb\\1.25.32_0,state:1},kincjchfokkeneeofpeefomkikfkiedl:{blacklist:true},kinhljbhjmcmoddhdoodekeklmjapjff:{blacklist:true},kkhomejdleoonmbdhcigkhkjcghngncf:{blacklist:true},kleaapgdkahaekcocmkbgfainbhihccj:{blacklist:true},kljhmdlkclaglodecegamnpioaflmage:{blacklist:true},kmlebjoghkhpapfhbdikannggmmffnco:{blacklist:true},kojkdbedffnppdoalcfkkeelbhbklhgp:{blacklist:true},kolbbghckjilleabphhgeggcgpfidofi:{blacklist:true},lambangeielkjcnmioccboaphdfcffib:{blacklist:true},lbaddolhebpnhdcdkicpcflhnfamcemn:{blacklist:true},lbficnmfealeidppcbgdcbemgfjodbkg:{blacklist:true},lceaiepehinnomgijphkmjccbigkljkj:{blacklist:true},lcfkojlnjnedeoepfemhdgkhiabkeadc:{blacklist:true},lcmpleboacinanffcdgenhhbkboclkjb:{blacklist:true},ldgfapfmnplpaohbbadnecegcpfkfall:{blacklist:true},ldmoahefokhfelhpbgfjpelcdbahdofk:{blacklist:true},leccghfplhenabeogpibljliijgapfgb:{blacklist:true},lfggokjjaanlfikbbapgnfemifmddalf:{blacklist:true},lgalokbapphhklmilicdefmgbjkcmldf:{blacklist:true},lgcnahanhlfpceencjmlehpfklokhojk:{blacklist:true},lhajoamjgchgljkdjigcgmmcehjkagan:{blacklist:true},likifpgnijjfbdegfepoalpamlgnfofi:{blacklist:true},liomofjeffddiiccaolcnllbhnipbkhe:{blacklist:true},ljcicfibknpmlcmcecddjlbgkejehhpa:{blacklist:true},ljeihpebkahejeacdalhkhmckmggppif:{blacklist:true},ljmjoloiepllcndinchenhomcdcgbgef:{blacklist:true},lkdimamelhbiijkiljlnedmhnnkkmlbl:{blacklist:true},lkfdchejjogilmloogbbjlnlpbhgjfab:{blacklist:true},lkhcbijhgfchgdmklonlobkfbcadbokg:{blacklist:true},lljnngafekbnkpdfophmcdlbfebcbcld:{blacklist:true},lnahlgmhpghkhmafjppdidhcoaomipfg:{blacklist:true},lnbeebaenahmkbffnimghceldeeihfak:{blacklist:true},lncjcfkpannmofmpgdfoonkniofdnaba:{blacklist:true},lndempehphjoeimfchjflohpmhamiamf:{blacklist:true},lnjgjionmhobdfdegbciceafphgemjnc:{blacklist:true},lnlaeblencbjjjeaanegaldcjfekeled:{blacklist:true},lodollblmkailkkdiijmoccefdfjohgk:{blacklist:true},loggadfhe
aoeabmkgolecncpfdfioefa:{blacklist:true},lojppnndedobolgfepahepphhloediji:{blacklist:true},loldehkdjdncebfnncknlkdchjclifbn:{blacklist:true},lookpbabilcplifjdeifacodednpacmk:{blacklist:true},lpgiafapdmlapiokjnmpbbfkomiceoml:{blacklist:true},lplmcpcnhpbffpcfiaddbeaplhhbengd:{blacklist:true},maakimnachffhlgdhfomaejeeaikgjap:{blacklist:true},magllcifjcllaafcdplnajmobccbcdlo:{blacklist:true},mamfageekafifnickhgkibkofcclfefe:{blacklist:true},mandondadnlimicalgkbkaohmeopdojj:{blacklist:true},mbmdaiddhfoljplpdhohimgieioblfif:{blacklist:true},mcbkimglepddodbiongpohpeidioafgk:{blacklist:true},mcknnlhkkdbcppajgefagceglahcafjd:{blacklist:true},mdiehnlecbjlppbpaaipmlnhhjgepfcg:{blacklist:true},mdngbiejioalifclonjepjjfppmbgned:{blacklist:true},megkcfpbmemnpkgadkoompnoajcolpni:{blacklist:true},mfffdpnblflpobcnekhekiahepofaane:{blacklist:true},mfhfkclojmdocagbmecgcnlofppebebd:{blacklist:true},mfncimdpmknolnnnccdmkpnpkaofonkc:{blacklist:true},mfooalpniplhaaealemjpchkchmmgdko:{blacklist:true},mgdgiplcofghdmpekdeeceolepakodcb:{blacklist:true},mhbffdldpckobeihgebaamjalehefnia:{blacklist:true},mjalegijammcloleihdmooifidcjggjp:{blacklist:true},mjgobkikdipfikmaoakdcdbicpioljgg:{blacklist:true},mjhlngjakabhonjagnlimeicooahajpl:{blacklist:true},mjolnadmlahbpepjaemohnkhpjkbhmef:{blacklist:true},mknjbohhleiicbpagpgmhoaigbblmnic:{blacklist:true},mkobblpffgbncfhijabakfafmkjdmmnm:{blacklist:true},mlmegahemifabfmdnndafagnncfbnahn:{blacklist:true},mlmmbepkgelpbenpobinockmiehdahai:{blacklist:true},mlnoedbhndgbjcbeadjfnmjloejlgojk:{blacklist:true},mmjodihhmnpkldljaifiajmlnpflfhpm:{blacklist:true},mndoohjdoechinpkfbkolflbonciahfo:{blacklist:true},mnhcgaghminpdabllkbkecahjfkdiabk:{blacklist:true},mnichagcickblneeijmfnmoiakigmmhf:{blacklist:true},mnllienogacopjnkmhgnniopjpgjpopp:{blacklist:true},mogepbcllienegdibkfpmombhefhcoic:{blacklist:true},mpgehpkneknbopplhmmkfijfiniddipf:{blacklist:true},mplhbhmkccidaokcelbcbcmhhedebcng:{blacklist:true},mplpabdbfbloeiboikmdbnggfnjbjmlh:{blacklist:true},naopgnjeb
jeeedbbhcadkhkmeefmloho:{blacklist:true},nbieffehfdniifkgdckbndjhojohbfjj:{blacklist:true},nckmikohoilfkcoahbjpbgbpegcjgngm:{blacklist:true},ncpdanjmicnihdlijomcggnnekloephc:{blacklist:true},ndhkiimgbjnendpcfbiadlifmangejoa:{blacklist:true},ndiogongcmocdgjciemhagfhpjamehpe:{blacklist:true},negkalblfongjbphdcbbhddlickhlamd:{blacklist:true},nepfiodmbijheamafkiglonfkjebdjmf:{blacklist:true},nfecfkjnlkbphobjbcnphimihniieehc:{blacklist:true},nhbfbnmmdjkjahhfdeklgphihfodfgnb:{blacklist:true},nhboiakpmibkbkbeehchlfkggmhphpnk:{blacklist:true},nhkmojkfnknbbmhbnacjdlodokeophkl:{blacklist:true},nhooocacdhkpbmoocdclodjlddcebfoe:{blacklist:true},nibohffepnilngkecenfdgnokfhmnkod:{blacklist:true},nidmbljkkcbdfklgdkklgjgmhejmbojn:{blacklist:true},nidodbfomffkfabciljelkbdiabkeehe:{blacklist:true},nifbebeekindefklojhchehidpikbjfc:{blacklist:true},nihhbeikpchdddoillfdcdinnnnllmna:{blacklist:true},nlgapikcofpablcmfgaoodlhiejiehhh:{blacklist:true},nloaaepkhcnmoakooihnefhhggbmemed:{blacklist:true},nmgpbidjnaebdlbdbpjggenmbaolmfoi:{blacklist:true},nmmnodocfckpoddcgihiihcdinaonckb:{blacklist:true},nmphbnbmgfccfhcmibikmhcgajjpelpf:{blacklist:true},nnioepmjbjjlflmdgjanlcmbjahljeeo:{blacklist:true},nochkknnbahbhmmknnmdhagelcnfagom:{blacklist:true},noefghcilkpcabnhhilojimkkjplhcnd:{blacklist:true},npadaghbcdejfngcjpbnoikajdnongca:{blacklist:true},npolaghondefgiomhkbiiompikfjneep:{blacklist:true},oakhllhnbcpgagdafgbninlpjdemdmjk:{blacklist:true},oanjogmonneelfpnfmdlalfddkeckdej:{blacklist:true},obfnipbbnnhkbafmdbbfpgfgbjmmkgpm:{blacklist:true},obgljnmbldahelaakfdbjkplokjoneip:{blacklist:true},ocmhjnhildbnglmlfimkjnnfgddelacb:{blacklist:true},ocnlnkjmfnolmbclblfhfhcakldceiec:{blacklist:true},odeckaficnaplobiiaomegfbokokehhb:{blacklist:true},odnamglmogfldajnhkfodmloofeokcmm:{blacklist:true},oghphhcagopecifjblgdcfihjnlcbcfc:{blacklist:true},ogjbodghhojomghbdfnlkppdagkfjede:{blacklist:true},oidjdpbndkjhmhmgdoggibcjnippkcgo:{blacklist:true},oilfokmpgejhjhecdjjpikloibggpenf:{blacklist:true},ojglppmhg
fohhfeinlhklglifnbfebak:{blacklist:true},ojmdhklabgbnnkkilmkcfcemdhognifc:{blacklist:true},omceiakkomngangmllpgbjcoeloglald:{blacklist:true},omnicnmbagoinlpamknknbcgopadcoci:{blacklist:true},onfbaaifbbahonepmednhkjbhdgogkbl:{blacklist:true},onjaecbdddgibdijafoemfiachlbcgkj:{blacklist:true},onpnpccdagncipgnoofbhchlbajcjnkd:{blacklist:true},oocfbmollajebjjpkahmlnclfhkjijea:{blacklist:true},ookcgejbfhcmcanfkfmmmpahflnlajbl:{blacklist:true},oomelpjfeldbopnleifpjibbpekflhlg:{blacklist:true},opnnngnphijodjhemhdafpnnpdjggofe:{blacklist:true},pajgiddgjidlcajihkjoacjbplimkgfe:{blacklist:true},pbdgmppmccanplobanhfkjndjkmmabgk:{blacklist:true},pbekednmpdekknlffkiopooofokfmkla:{blacklist:true},pbglijbamgmlcpnnpbfjkbdeheejjloj:{blacklist:true},pcaedgdgamlfffkfblocmakhgieggoak:{blacklist:true},peahabnpipmmfiajjjhgfggbeigbmbgp:{blacklist:true},peiijdmlgbelnnmnkighhkpeihmmamio:{blacklist:true},pfaooklcbjnkgconjjepimkohgcjmdji:{blacklist:true},pfcelnbmkeoaeicedjomcjkcammlkdbk:{blacklist:true},pfgmgcnbngcnhjddppmnloflcidemopc:{blacklist:true},pfhlnanelpgjbhndafjamnpfhkjadoip:{blacklist:true},pfoiaildicnbcjojocjlpcibenphhbln:{blacklist:true},pfonklmafadkmcedjlodommcoipgbcde:{blacklist:true},pgelifedkjaohmjehecojkfldinjlamn:{blacklist:true},pgjpnfpidejcmjibaaohcmehfohacckf:{blacklist:true},pgldfhecfiofkhnbgcncepnkjkeoahlk:{blacklist:true},phkpgooenaonkpnabopdbjjfmphclela:{blacklist:true},pihcfdffalbcnmbghijdfcaanagapelf:{blacklist:true},pjdhkkcnlbfebiokpeghfffajaabahfo:{blacklist:true},pjgbfgdpkbfimabdalhjmmeeelbmkcac:{blacklist:true},pjkljhegncpnkpknbcohdijeoejaedia:{ack_external:true,active_permissions:{api:[notifications]},app_launcher_ordinal:t,creation_flags:137,exclude_from_sideload_wipeout:true,from_bookmark:false,from_webstore:true,granted_permissions:{api:[notifications]},install_time:13004233702208898,lastpingday:13004611207975370,location:1,manifest:{app:{launch:{container:tab,web_url:https://mail.google.com/mail/ca},urls:[*://mail.google.com/mail/ca]},current_locale:en_US,d
efault_locale:en,description:Fast, searchable email with less spam.,icons:{128:128.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB,name:Gmail,options_page:https://mail.google.com/mail/ca/#settings,permissions:[notifications],update_url:http://clients2.google.com/service/update2/crx,version:7},page_ordinal:n,path:pjkljhegncpnkpknbcohdijeoejaedia\\7_0,state:1,was_installed_by_default:true},pjloefkigphblpjminnlpbhjchjafcfc:{blacklist:true},pkbbbncikcipejaiiiioboongndhmjgl:{blacklist:true},pkbkgagehkkoajkpgnmjegibihpalfdk:{blacklist:true},pkbkkendemaimikinaefldfljliecapm:{blacklist:true},pkcbihpffghlanbclfmkegjmbijcpobj:{blacklist:true},pkdlpbfmpolnhligegklimbccminkioc:{blacklist:true},pkhidkonipdjidjglnkfcfhnkfnlefbk:{blacklist:true},plfijddblbcdcnammpdmfccchkbdekmm:{blacklist:true},pnaiiipilbpcceggeanphcpkkihnojan:{blacklist:true},pndadpldhngimdmhnajebjldbmcbpjol:{blacklist:true},pnnbdjcjeiobikdfikegpclkcimgafpp:{blacklist:true},pnpfkfanlgljpkpilhgiimfadggfmhcd:{blacklist:true},pnpgiaejfbdapllkchhgchjpdbcpiooa:{blacklist:true},pobponmhkpmphbnfhpjdagklbkmjhked:{blacklist:true},ppmfajacidhcjbddpgmcmigffpppcadd:{blacklist:true}}},first_run_tabs:[http://www.google.com/,http://welcome_page],homepage:http://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=,homepage_is_newtabpage:false,net:{http_server_properties:{servers:{accounts.google.co.uk:443:{settings:{4:100,5:10},supports_spdy:true},accounts.google.com:443:{settings:{4:100,5:10},supports_spdy:true},accounts.youtube.com:443:{settings:{4:100,5:10},supports_spdy:true},ad.doubleclick.net:443:{settings:{4:100},supports_spdy:true},apis.google.com:443:{settings:{4:100,5:19,6:0},supports_spdy:true},chatenabled.mail.google.com
:443:{settings:{4:10,5:10},supports_spdy:true},clients1.google.com:443:{settings:{4:100,5:10},supports_spdy:true},clients2.google.com:443:{settings:{4:100,5:10,6:0},supports_spdy:true},csi.gstatic.com:443:{settings:{4:100},supports_spdy:true},en-gb.facebook.com:443:{settings:{4:100,7:16384},supports_spdy:true},encrypted-tbn2.gstatic.com:443:{settings:{4:100,5:32,6:0},supports_spdy:true},fonts.googleapis.com:443:{settings:{4:100,5:32,6:0},supports_spdy:true},googleads.g.doubleclick.net:443:{settings:{4:100,5:32,6:0},supports_spdy:true},lh5.googleusercontent.com:443:{settings:{4:100,5:32,6:0},supports_spdy:true},mail-attachment.googleusercontent.com:443:{settings:{4:10,5:10},supports_spdy:true},mail.google.com:443:{settings:{4:10,5:10},supports_spdy:true},p5-r7vtrelvon364-ukvi6pj2scxwypxm-135974-i1-v6exp3-ds.metric.gstatic.com:443:{settings:{4:100},supports_spdy:true},pagead2.googleadservices.com:443:{settings:{4:100,5:10},supports_spdy:true},r.twimg.com:443:{supports_spdy:true},ssl.google-analytics.com:443:{settings:{4:100,5:10},supports_spdy:true},ssl.gstatic.com:443:{settings:{4:100,5:10},supports_spdy:true},themes.googleusercontent.com:443:{settings:{4:100,5:9,6:0},supports_spdy:true},www.facebook.com:443:{settings:{4:100,5:16,7:16384},supports_spdy:true},www.google.com:443:{settings:{4:100,5:10,6:0},supports_spdy:true},www.gstatic.com:443:{settings:{4:100,5:32,6:0},supports_spdy:true}},version:1}},ntp:{promo_resource_cache_update:1360254313.256233},plugins:{enabled_internal_pdf3:true,enabled_nacl:true,last_internal_directory:C:\\Program Files (x86)\\Google\\Chrome\\Application\\24.0.1312.57,migrated_to_pepper_flash:true,plugins_list:[{enabled:true,name:Shockwave Flash,path:C:\\Program Files (x86)\\Google\\Chrome\\Application\\24.0.1312.57\\PepperFlash\\pepflashplayer.dll,version:11.5.31.137},{enabled:true,name:Chrome Remote Desktop Viewer,path:internal-remoting-viewer,version:},{enabled:true,name:Native Client,path:C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\24.0.1312.57\\ppGoogleNaClPluginChrome.dll,version:},{enabled:true,name:Chrome PDF Viewer,path:C:\\Program Files (x86)\\Google\\Chrome\\Application\\24.0.1312.57\\pdf.dll,version:},{enabled:true,name:Adobe Acrobat,path:C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll,version:9.5.2.295},{enabled:true,name:Java Deployment Toolkit 6.0.170.4,path:C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeploytk.dll,version:6.0.170.4},{enabled:true,name:Java™ Platform SE 6 U17,path:C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll,version:6.0.170.4},{enabled:true,name:Microsoft Office 2010,path:C:\\PROGRA~2\\MICROS~4\\Office14\\NPSPWRAP.DLL,version:14.0.4761.1000},{enabled:true,name:Google Update,path:C:\\Program Files (x86)\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll,version:1.3.21.123},{enabled:true,name:Silverlight Plug-In,path:C:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll,version:4.1.10329.0},{enabled:true,name:Windows Live® Photo Gallery,path:C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll,version:14.0.8081.0709_ship.wlx.w3m3 (ship)},{enabled:true,name:npFFApi,path:C:\\Program Files\\CheckPoint\\ZAForceField\\WOW64\\TrustChecker\\bin\\npFFApi.dll,version:1, 0, 0, 1},{enabled:true,name:Shockwave for Director,path:C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw_1168638.dll,version:11.6.8r638},{enabled:true,name:Shockwave Flash,path:C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_5_502_110.dll,version:11,5,502,110},{enabled:true,name:Adobe Flash Player},{enabled:false,name:Adobe Reader},{enabled:true,name:Adobe Shockwave Player},{enabled:true,name:Chrome PDF Viewer},{enabled:true,name:Chrome Remote Desktop Viewer},{enabled:true,name:Google Update},{enabled:true,name:Java™},{enabled:true,name:Microsoft Office},{enabled:true,name:Native Client},{enabled:true,name:Silverlight},{enabled:true,name:Windows Live® Photo 
Gallery},{enabled:true,name:npFFApi}]},profile:{avatar_index:0,content_settings:{clear_on_exit_migrated:true,pref_version:1},exit_type:Normal,exited_cleanly:true,name:First user},promo:{ntp_bubble_promo:[{closed:false,end:1361231940.0,gplus_required:false,group:0,increment:1,increment_frequency:0,increment_max:1,max_views:1,num_groups:1,segment:1,start:1352332800.0,text:Chrome has been auto-updated.<br/>\n    You're now on the latest, greatest version.,views:0}]},session:{startup_urls: [ http://start.mysearc...=1085628055&ir= ]
CHR - Extension: No name found = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\crossrider
CHR - Extension: No name found = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\
CHR - Extension: No name found = C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightBHO.dll (FindRight)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (MySearchDial)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (MySearchDial)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnce: [Del21469107] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Del21980962] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del21469107] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del21980962] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/02 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\CUSTPDF Writer
[2014/03/02 15:12:40 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\CutePDF Writer
[2014/03/02 15:00:50 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/03/02 15:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindRight
[2014/03/02 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B
[2014/03/02 14:51:11 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/03/02 14:51:11 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\mysearchdial
[2014/03/02 14:51:09 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\systweak
[2014/03/02 14:51:09 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\DigitalSites
[2014/03/02 14:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
[2014/03/02 14:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/03/02 14:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2014/03/02 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\Opera Software
[2014/03/02 14:47:11 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\Opera Software
[2014/03/02 14:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/03/02 14:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/03/02 14:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/03/02 14:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2014/02/25 09:17:57 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/17 20:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/17 20:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/17 20:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/17 20:44:47 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/17 20:44:34 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/17 20:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/14 16:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/12 09:27:19 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 09:26:32 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 09:26:31 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 09:26:31 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 09:26:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 09:26:30 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 09:26:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 09:26:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 09:26:29 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 09:26:29 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 09:26:29 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 09:26:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 09:26:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 09:26:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 09:26:28 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 09:26:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 09:26:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 09:26:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 09:26:27 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 09:26:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 09:26:26 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 09:26:25 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 09:26:25 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 09:26:22 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 09:13:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 09:13:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/12 09:13:08 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 09:13:07 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 09:13:07 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 09:13:07 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 09:13:07 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 09:13:07 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 09:13:07 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 09:13:07 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 09:13:07 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 09:13:07 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 09:13:07 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 09:13:07 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 09:13:07 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 09:13:07 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 09:13:07 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 09:13:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 09:13:06 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 09:13:00 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 09:13:00 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/11 22:06:04 | 000,000,000 | ---D | C] -- C:\Users\steve\Desktop\RD_Record000_data
[2014/02/08 23:22:41 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Roaming\Audacity
[2014/02/08 23:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/02/08 23:22:15 | 000,000,000 | ---D | C] -- C:\Users\steve\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/02 15:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/02 15:24:30 | 000,187,522 | ---- | M] () -- C:\Users\steve\Documents\Golden Anniversary.pdf
[2014/03/02 15:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 15:12:42 | 000,187,522 | ---- | M] () -- C:\Users\steve\Desktop\Golden Anniversary.pdf
[2014/03/02 15:00:37 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/02 15:00:31 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/03/02 14:59:46 | 000,000,046 | ---- | M] () -- C:\Users\steve\AppData\Roaming\WB.CFG
[2014/03/02 13:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 11:45:32 | 000,002,318 | ---- | M] () -- C:\Windows\tasks\weDownload Manager Pro-firefoxinstaller.job
[2014/03/02 11:40:33 | 000,002,042 | ---- | M] () -- C:\Windows\tasks\weDownload Manager Pro-chromeinstaller.job
[2014/03/02 11:40:32 | 000,001,312 | ---- | M] () -- C:\Windows\tasks\weDownload Manager Pro-codedownloader.job
[2014/03/02 09:01:14 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 09:01:14 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 08:54:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 08:53:48 | 2312,085,504 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/01 12:21:07 | 001,641,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/01 12:21:07 | 000,621,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/01 12:21:07 | 000,006,450 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/22 12:35:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/22 12:35:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/17 20:44:23 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/02/17 20:44:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/02/17 20:44:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/02/17 20:44:22 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/02/10 18:39:25 | 012,520,148 | ---- | M] () -- C:\Users\steve\Desktop\ableton_live_8_manual_en.pdf
[2014/02/08 23:22:37 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/02/08 19:13:27 | 000,172,147 | ---- | M] () -- C:\Users\steve\Desktop\cv_-_Steve_Higgins.pdf
[2014/02/06 11:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 11:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 11:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 10:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 10:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 10:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 10:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 10:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 10:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 10:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 10:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 10:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 10:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 09:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 09:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 09:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 09:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 09:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 09:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 09:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 09:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 08:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 08:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/02 15:24:35 | 000,187,522 | ---- | C] () -- C:\Users\steve\Documents\Golden Anniversary.pdf
[2014/03/02 15:12:57 | 000,187,522 | ---- | C] () -- C:\Users\steve\Desktop\Golden Anniversary.pdf
[2014/03/02 14:59:46 | 000,000,046 | ---- | C] () -- C:\Users\steve\AppData\Roaming\WB.CFG
[2014/03/02 14:59:41 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/02 14:51:11 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/03/02 14:51:05 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\custmon64i.dll
[2014/03/02 14:46:36 | 000,087,600 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2014/02/10 18:39:11 | 012,520,148 | ---- | C] () -- C:\Users\steve\Desktop\ableton_live_8_manual_en.pdf
[2014/02/08 23:22:37 | 000,000,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/02/08 23:22:37 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/02/08 19:13:25 | 000,172,147 | ---- | C] () -- C:\Users\steve\Desktop\cv_-_Steve_Higgins.pdf
[2013/07/28 15:55:45 | 000,000,979 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013/06/09 12:55:34 | 000,003,584 | ---- | C] () -- C:\Users\steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 07:07:03 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/01/22 21:39:16 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2013/01/22 21:39:16 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2013/01/22 21:39:16 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2013/01/13 21:47:52 | 000,000,123 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/04 16:57:24 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/31 21:36:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/02 14:52:04 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B
[2014/03/02 15:00:50 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2014/02/22 16:25:59 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Ableton
[2014/02/11 22:06:05 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Audacity
[2013/01/22 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\CheckPoint
[2014/03/02 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\DigitalSites
[2014/03/02 08:54:53 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Dropbox
[2013/10/30 07:29:10 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\MailFrontier
[2014/03/02 14:59:41 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\mysearchdial
[2014/03/02 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Nokia
[2014/03/02 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Nokia Suite
[2014/03/02 14:47:11 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Opera Software
[2014/01/01 18:11:27 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\PC Suite
[2014/03/01 08:42:52 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\SoftGrid Client
[2014/03/02 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\systweak
[2013/01/07 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TFP
[2012/11/04 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\Toshiba
[2012/11/04 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\steve\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 02:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/02/26 16:10:54 | 000,184,682 | ---- | M] () MD5=367214F85F10C925ECD5FF640FA9963C -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.EXE  >
[2012/11/16 03:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/02/06 22:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/02/06 22:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe
[2012/08/24 17:10:38 | 000,672,872 | ---- | M] (Microsoft Corporation) MD5=C6E8F6DB0FD7B28924D1CBC8AE03ECEE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_1a8d72878bc04ef2\iexplore.exe
[2013/12/16 08:29:15 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/06/12 07:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013/04/05 07:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012/10/08 08:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/09/22 23:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 07:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2013/09/23 00:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/02/02 04:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013/04/05 07:23:03 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=DE751E18F8DBF7BCCE46989CBA4A9828 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_ffbd812237e37947\iexplore.exe
[2012/08/24 18:24:56 | 000,696,424 | ---- | M] (Microsoft Corporation) MD5=E3C361C85ADECFF3A485E4FE17859E0F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_1038c835575f8cf7\iexplore.exe
[2013/02/21 11:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
[2013/07/26 05:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/23 01:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2013/05/17 03:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013/01/09 00:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/08 21:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2009/07/14 01:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 11:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/14 02:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012/11/14 07:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/12/16 08:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/16 08:29:13 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/12/16 08:29:13 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/12/16 08:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2012/11/01 09:50:17 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/11/01 09:50:21 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/03/29 16:48:07 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/03/29 16:48:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 02:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/03/02 08:53:48 | 2312,085,504 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/02 08:53:52 | 3082,780,672 | -HS- | M] () -- C:\pagefile.sys
[2010/06/17 09:57:20 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is WINDOWS
 Volume Serial Number is 1C66-D1D2
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\steve
31/10/2012  22:47    <JUNCTION>     Application Data [C:\Users\steve\AppData\Roaming]
31/10/2012  22:47    <JUNCTION>     Cookies [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Cookies]
31/10/2012  22:47    <JUNCTION>     Local Settings [C:\Users\steve\AppData\Local]
31/10/2012  22:47    <JUNCTION>     My Documents [C:\Users\steve\Documents]
31/10/2012  22:47    <JUNCTION>     NetHood [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/10/2012  22:47    <JUNCTION>     PrintHood [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/10/2012  22:47    <JUNCTION>     Recent [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Recent]
31/10/2012  22:47    <JUNCTION>     SendTo [C:\Users\steve\AppData\Roaming\Microsoft\Windows\SendTo]
31/10/2012  22:47    <JUNCTION>     Start Menu [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu]
31/10/2012  22:47    <JUNCTION>     Templates [C:\Users\steve\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\steve\AppData\Local
31/10/2012  22:47    <JUNCTION>     Application Data [C:\Users\steve\AppData\Local]
31/10/2012  22:47    <JUNCTION>     History [C:\Users\steve\AppData\Local\Microsoft\Windows\History]
31/10/2012  22:47    <JUNCTION>     Temporary Internet Files [C:\Users\steve\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\steve\Documents
31/10/2012  22:47    <JUNCTION>     My Music [C:\Users\steve\Music]
31/10/2012  22:47    <JUNCTION>     My Pictures [C:\Users\steve\Pictures]
31/10/2012  22:47    <JUNCTION>     My Videos [C:\Users\steve\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  76,516,683,776 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/11/03 19:20:19 | 000,000,221 | -HS- | M] () -- C:\Users\steve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras logfile created on: 3/2/2014 3:43:58 PM - Run 1
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF0276-8261-402C-B691-B3617B0FDAFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{048F408D-07EB-4C40-970E-811237835045}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{10620B1A-4185-44CB-B1A3-98F8E7C0CFB4}" = lport=138 | protocol=17 | dir=in | app=system |
"{13384408-5990-4E39-A171-557D154D2D79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{254398A7-09CE-4E34-A584-9AD062CA9E3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F2086A5-5001-4B6C-AA80-80BD53C0E2C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{413382D5-7388-4DB8-B6DC-E57617DCB583}" = rport=445 | protocol=6 | dir=out | app=system |
"{433C6C0A-E861-4DDF-9708-4D4397D73C35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4902F6C9-B7E8-475A-A1AB-E08EA1D2D274}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59C41332-BF2E-4258-A1BB-8BAD57BF8B17}" = rport=10243 | protocol=6 | dir=out | app=system |
"{748137F6-13DA-43C4-8FF5-C3FA8FC672FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7873FE08-257C-44DC-8A95-B2CF89BB7701}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{789D6A61-9C8E-403F-868E-B7E18926BDF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{7AB5D13A-858B-4608-B5D9-26EEE39F7FB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8198CB21-19AD-40BD-81EE-4D14B7833637}" = rport=139 | protocol=6 | dir=out | app=system |
"{9115B157-9B6F-4FBD-9984-9E32CD6E400B}" = lport=139 | protocol=6 | dir=in | app=system |
"{978C6ACA-AA56-4F29-8C0D-CED546D97A00}" = lport=445 | protocol=6 | dir=in | app=system |
"{9BF805EB-9F77-4908-ACEF-21A1BF6B0746}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A06FC6E5-B28F-41F8-AD58-BED3B6173B75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3BB5BAF-1CC6-4FE4-934D-C9E969BD14F6}" = lport=137 | protocol=17 | dir=in | app=system |
"{B64E86A3-6C20-47A0-9351-E1092A5739A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E75C037D-1265-4A52-8BC8-99679FD166FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E898692B-15A6-4966-BBF1-A6F8B4B4DF98}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2A7303-ACEC-4A87-AEEB-BAC74EE0101F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13573273-0E8A-4277-B0F9-3325DB3F9993}" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe |
"{14BEF376-D63D-4B4C-AD91-C5BCE3E005A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1804021B-2E5B-4C7D-A730-C80BD3403932}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C2C1462-AED4-4911-BAA1-C62CC0084BA7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1F83545E-6623-47B8-921D-F98C0556AF47}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FD2B639-15E2-4BC2-980A-28B90D0A3245}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2410EF5A-7109-46A7-A24F-909D0E934A10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{41ED4FDC-3C59-4995-9212-D1175AA3FFF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47931246-B71D-4603-82A0-A1B22B7A5E91}" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe |
"{513FFE01-C6D7-4ACA-AC91-713F30016465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F1EE493-420A-43EB-B514-49952615FE62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E857345-7334-41C4-89AF-89C8362B06C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{754645A7-C615-4ECE-ADE3-928A2ACDF14E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{793C7B9F-EC17-41F8-A56D-223E1F6E588E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{863D6F12-2D69-4B43-8CB3-8AFD4B4352CB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94068A4F-E25E-4704-9AD5-B0924A7552DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{97083930-798F-408B-BD71-87B52F8E0E6B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C35BF8C-D165-436F-B949-D4F78777490C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A41F9A9B-5D8E-4A0F-BBFA-14A982F195F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC2C7BBA-5A36-4245-A6A9-A82590A0B536}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0C462DA-9340-46BE-B06F-05BA49DAECA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C067361E-02DA-4D77-BE96-A0AE21891E83}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBE99C52-D14A-42D2-B788-18954116CAF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD5DC78D-FE71-4EF9-AC05-390528C2F4E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E40462E8-74EE-44FD-B55B-8390E12B6BAE}" = protocol=6 | dir=out | app=system |
"{E5A761EF-D6A6-4976-9E72-9C79CD9A06EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB4DE7AC-EE6A-4BD4-9D88-754310DAA3E1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EB6B320D-DAA9-49F4-B35C-133A442F44E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{26128CCD-6536-46D8-9F6F-86924E506CDD}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FF61FABF-046D-4120-87F8-178D087E8F50}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CutePDF Writer Installation" = CutePDF Writer 3.0
"FindRight" = FindRight
"PDF Creator" = PDF Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF0C0EB1-6940-4B18-A3AB-014F28A5028C}" = Ableton Live 8
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.5
"Google Chrome" = Google Chrome
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mysearchdial" = Mysearchdial
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"weDownload Manager Pro" = weDownload Manager Pro
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Sites" = Update for PDF Creator
"Dropbox" = Dropbox
"PDF Creator Packages" = PDF Creator Packages
"PDF Creator Packages 95" = PDF Creator Packages 95
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/2/2014 5:43:36 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/2/2014 5:43:36 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9282
 
Error - 3/2/2014 5:43:36 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9282
 
Error - 3/2/2014 8:36:30 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/2/2014 8:36:30 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1202
 
Error - 3/2/2014 8:36:30 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1202
 
Error - 3/2/2014 9:33:00 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/2/2014 9:33:00 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3391025
 
Error - 3/2/2014 9:33:00 AM | Computer Name = steve-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3391025
 
Error - 3/2/2014 11:00:46 AM | Computer Name = steve-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 27.0.1.5156,
 time stamp: 0x52fc0fcf  Faulting module name: mozalloc.dll, version: 27.0.1.5156,
 time stamp: 0x52fbe972  Exception code: 0x80000003  Fault offset: 0x0000119c  Faulting
 process id: 0x1b68  Faulting application start time: 0x01cf36282f92a4a9  Faulting application
 path: C:\PROGRA~2\MOZILL~1\plugin-container.exe  Faulting module path: C:\PROGRA~2\MOZILL~1\mozalloc.dll
Report
 Id: 6ec0a0e3-a21b-11e3-a0ed-00266c7c64f6
 
[ System Events ]
Error - 2/17/2014 2:08:39 PM | Computer Name = steve-TOSH | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user steve-TOSH\steve (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 2/17/2014 3:42:03 PM | Computer Name = steve-TOSH | Source = DCOM | ID = 10010
Description =
 
Error - 2/17/2014 4:40:34 PM | Computer Name = steve-TOSH | Source = DCOM | ID = 10010
Description =
 
Error - 2/17/2014 4:40:36 PM | Computer Name = steve-TOSH | Source = DCOM | ID = 10010
Description =
 
Error - 2/17/2014 4:40:58 PM | Computer Name = steve-TOSH | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user steve-TOSH\steve (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 2/22/2014 5:39:45 AM | Computer Name = steve-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 2/22/2014 5:39:46 AM | Computer Name = steve-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 2/22/2014 5:39:46 AM | Computer Name = steve-TOSH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 2/25/2014 5:16:37 AM | Computer Name = steve-TOSH | Source = DCOM | ID = 10010
Description =
 
Error - 3/2/2014 10:57:44 AM | Computer Name = steve-TOSH | Source = Service Control Manager | ID = 7031
Description = The Update FindRight service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
 
< End of report >

 

-----------------------------------------------------------------------------------------------

 

HijackThis report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:18:19, on 02/03/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\steve\Downloads\HiJackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mozilla%20firefox/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~2\MYSEAR~1\1821~1.0\bh\mysearchdial.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\PROGRA~2\MYSEAR~1\1821~1.0\mysearchdialTlbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Del21469107] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
O4 - HKLM\..\RunOnce: [Del21980962] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\RunOnce: [Del21469107] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
O4 - HKCU\..\RunOnce: [Del21980962] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
O4 - Startup: Dropbox.lnk = steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O20 - AppInit_DLLs: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update FindRight - Unknown owner - C:\Program Files (x86)\FindRight\updateFindRight.exe
O23 - Service: Util FindRight - Unknown owner - C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9132 bytes

 

---------------------------------------------------------------------------------------------
DDS reports

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by steve at 16:21:36 on 2014-03-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2940.1094 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\FindRight\updateFindRight.exe
C:\Program Files (x86)\FindRight\FindRight.FirstRun.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mozilla%20firefox/
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=SnapDoForPartners&dpid=SnapDoForPartners&co=GB&userid=ee5ad2e2-b383-4d7f-85ba-ea61324fe079&searchtype=ds&q={searchTerms}
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapDoForPartners&dpid=SnapDoForPartners&co=GB&userid=ee5ad2e2-b383-4d7f-85ba-ea61324fe079&searchtype=ds&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FindRight: {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: mysearchdial Toolbar: {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRunOnce: [Del21469107] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
uRunOnce: [Del21980962] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Del21469107] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
mRunOnce: [Del21980962] cmd.exe /Q /D /c del "C:\Users\steve\AppData\Local\Temp\0.del"
StartupFolder: C:\Users\steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DHCPNameServer = 194.168.4.100 194.168.8.100
AppInit_DLLs= c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF - prefs.js: keyword.URL -
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=&q=
FF - user.js: extensions.mysearchdial.id - 1C659D1CEBFFD1D2
FF - user.js: extensions.mysearchdial.instlDay - 16131
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.015:0:27
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dsites0301
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1085628055
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - dsites0301
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1085628055
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Update FindRight;Update FindRight;C:\Program Files (x86)\FindRight\updateFindRight.exe [2014-2-26 111904]
R2 Util FindRight;Util FindRight;C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [2014-3-2 111904]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-8 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-8 232992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-03-02 15:24:28    --------    d-----w-    C:\Users\steve\AppData\Local\CUSTPDF Writer
2014-03-02 15:12:40    --------    d-----w-    C:\Users\steve\AppData\Local\CutePDF Writer
2014-03-02 15:00:50    --------    d-----w-    C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-03-02 15:00:37    --------    d-----w-    C:\Program Files (x86)\FindRight
2014-03-02 14:56:57    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5D1A2D9B-70A2-4E9B-82C2-42570A876A61}\offreg.dll
2014-03-02 14:52:04    --------    d-----w-    C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B
2014-03-02 14:51:11    20312    ----a-w-    C:\Windows\System32\roboot64.exe
2014-03-02 14:51:11    --------    d-----w-    C:\Users\steve\AppData\Roaming\mysearchdial
2014-03-02 14:51:09    --------    d-----w-    C:\Users\steve\AppData\Roaming\systweak
2014-03-02 14:51:09    --------    d-----w-    C:\Users\steve\AppData\Roaming\DigitalSites
2014-03-02 14:51:06    --------    d-----w-    C:\Program Files (x86)\Mysearchdial
2014-03-02 14:51:05    87552    ----a-w-    C:\Windows\System32\custmon64i.dll
2014-03-02 14:51:05    --------    d-----w-    C:\Program Files\PDFCreator
2014-03-02 14:47:11    --------    d-----w-    C:\Users\steve\AppData\Roaming\Opera Software
2014-03-02 14:47:11    --------    d-----w-    C:\Users\steve\AppData\Local\Opera Software
2014-03-02 14:46:52    --------    d-----w-    C:\Program Files (x86)\GPLGS
2014-03-02 14:46:36    87600    ----a-w-    C:\Windows\System32\cpwmon64.dll
2014-03-02 14:46:35    --------    d-----w-    C:\Program Files (x86)\Acro Software
2014-02-28 07:45:13    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5D1A2D9B-70A2-4E9B-82C2-42570A876A61}\mpengine.dll
2014-02-25 09:17:57    --------    d-----w-    C:\Windows\Migration
2014-02-17 20:45:00    --------    d-----w-    C:\ProgramData\Oracle
2014-02-17 20:44:34    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-12 09:27:19    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-12 09:27:19    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-12 09:13:16    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-02-08 23:22:29    --------    d-----w-    C:\Program Files (x86)\Audacity
2014-02-08 23:22:15    --------    d-----w-    C:\Users\steve\AppData\Local\Programs
.
==================== Find3M  ====================
.
2014-02-22 12:35:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 12:35:17    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-18 06:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 16:21:56.03 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 31/10/2012 22:47:16
System Uptime: 02/03/2014 08:53:42 (8 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Pentium® Dual-Core CPU       T4500  @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 71.264 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 141.968 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 466 GiB total, 282.894 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP169: 22/02/2014 09:39:17 - Windows Update
RP170: 25/02/2014 09:16:13 - Windows Update
RP171: 26/02/2014 10:05:21 - Windows Update
RP172: 02/03/2014 15:01:07 - Removed Nokia Connectivity Cable Driver
RP173: 02/03/2014 15:02:39 - Removed PC Connectivity Solution
RP174: 02/03/2014 15:45:42 - OTL Restore Point - 3/2/2014 3:45:42 PM
.
==== Installed Programs ======================
.
Ableton Live 8
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Audacity 2.0.5
Bonjour
Conexant HD Audio
CutePDF Writer 3.0
Dropbox
FindRight
Google Chrome
Google Drive
Google Update Helper
ImagXpress
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 51
Java Auto Updater
Java™ 6 Update 17
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysearchdial
neroxml
PDF Creator
PDF Creator Packages
PDF Creator Packages 95
PlayReady PC Runtime amd64
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
swMSM
Synaptics Pointing Device Driver
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TRORMCLauncher
Update for PDF Creator
VC 9.0 Runtime
weDownload Manager Pro
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
02/03/2014 14:57:44, Error: Service Control Manager [7031]  - The Update FindRight service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================


 


Stephen.M.Higgins



#2 Juliet


Posted 03 March 2014 - 01:05 PM

Run OTL.
Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:

Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...=1085628055&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearc...=1085628055&ir=
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.startup.homepage: "http://start.mysearc...1085628055&ir="
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
2014/03/02 15:00:37 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2014/03/02 15:00:38 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (MySearchDial)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
:Files
C:\Users\steve\AppData\Roaming\mysearchdial
C:\Program Files (x86)\Mysearchdial
C:\Windows\tasks\MySearchDial.job

:commands
[CREATERESTOREPOINT]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]

  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log where MMDDYYYY is date format and HHMMSS is time format.
  • If requested to reboot, please do so. The log file will open after restart.
  • Re-enable your security software as soon as you have completed the OTL fix steps.

-------------------

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 h1gg1


Posted 03 March 2014 - 03:23 PM

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "Mysearchdial" removed from browser.search.defaultenginename
Prefs.js: "Mysearchdial" removed from browser.search.order.1
Prefs.js: "Mysearchdial" removed from browser.search.selectedEngine
Prefs.js: "http://start.mysearc....1085628055&ir=" removed from browser.startup.homepage
Prefs.js: ffxtlbr%40mysearchdial.com:1.6.0 removed from extensions.enabledAddons
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com\META-INF folder moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs folder moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com\content\imgs folder moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com\content folder moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com\components folder moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\extensions\ffxtlbr@mysearchdial.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}\ deleted successfully.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
========== FILES ==========
C:\Users\steve\AppData\Roaming\mysearchdial\UpdateProc folder moved successfully.
C:\Users\steve\AppData\Roaming\mysearchdial\icons_2.2.15.1631 folder moved successfully.
C:\Users\steve\AppData\Roaming\mysearchdial folder moved successfully.
C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh folder moved successfully.
C:\Program Files (x86)\Mysearchdial\1.8.21.0 folder moved successfully.
C:\Program Files (x86)\Mysearchdial folder moved successfully.
C:\Windows\tasks\MySearchDial.job moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: steve
->Flash cache emptied: 24731 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: steve
->Temp folder emptied: 16900742676 bytes
->Temporary Internet Files folder emptied: 223475542 bytes
->Java cache emptied: 3083363 bytes
->FireFox cache emptied: 20907890 bytes
->Google Chrome cache emptied: 58261526 bytes
->Flash cache emptied: 956 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1700340948 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46444488 bytes
RecycleBin emptied: 122261374 bytes
 
Total Files Cleaned = 18,192.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03032014_205217

Files\Folders moved on Reboot...
C:\Users\steve\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

-----------------------------------------------------

 

FYI - My search dial is still hijacking my browser!


Stephen.M.Higgins

#4 Juliet


Posted 03 March 2014 - 03:29 PM

FYI - My search dial is still hijacking my browser!

 
Good grief!!
It's my aim to get that bugger!


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#5 h1gg1


Posted 03 March 2014 - 03:57 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 03/03/2014 09:51:27 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  ÿþ1 2 7 . 0 . 0 . 1               l o c a l h o s t
 
   : : 1               l o c a l h o s t
 
   

Program finished at: 03/03/2014 09:53:33 PM
Execution time: 0 hours(s), 2 minute(s), and 5 seconds(s)
 

 

---------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014 01
Ran by steve (administrator) on STEVE-TOSH on 03-03-2014 21:55:27
Running from C:\Users\steve\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\FindRight\updateFindRight.exe
() C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-02-12] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-841644085-1882052296-2822029357-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mozilla%20firefox/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll (FindRight)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~2\MYSEAR~1\1821~1.0\bh\mysearchdial.dll No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661
FF user.js: detected! => C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\user.js
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\searchplugins\Mysearchdial.xml
FF Extension: weDownload Manager Pro - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com [2014-02-09]
FF Extension: MySearchDial NewTab - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-03-02]
FF Extension: AudioTube - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\firefox@org.audiotube.xpi [2014-02-08]
FF Extension: FindRight - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Plugin: (      "name": "Mysearchdial") - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll","version":"11,5,502,110"},{"enabled":true,"name":"Adobe Flash Player"},{"enabled":false,"name":"Adobe Reader"},{"enabled":true,"name":"Adobe Shockwave Player"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Java™"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Live® Photo Gallery"},{"enabled":true,"name":"npFFApi"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"name":"First user"},"promo":{"ntp_bubble_promo":[{"closed":false,"end":1361231940.0,"gplus_required":false,"group":0,"increment":1,"increment_frequency":0,"increment_max":1,"max_views":1,"num_groups":1,"segment":1,"start":1352332800.0,"text":"Chrome has been auto-updated.<br/>\n    You're now on the latest, greatest version."views":0}]},"session":{"startup_urls": [ "http://start.mysearc...=1085628055&ir=" ], No File
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-01]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-01]
CHR Extension: (weDownload Manager Pro) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-01-01]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-01]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\steve\AppData\Local\Smartbar/Application\1Extension.crx [2013-02-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\steve\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]

==================== Services (Whitelisted) =================

R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [111904 2014-02-26] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [111904 2014-03-02] ()

==================== Drivers (Whitelisted) ====================

S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 21:55 - 2014-03-03 21:55 - 00012840 _____ () C:\Users\steve\Downloads\FRST.txt
2014-03-03 21:55 - 2014-03-03 21:55 - 00000000 ____D () C:\FRST
2014-03-03 21:54 - 2014-03-03 21:54 - 02156544 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2014-03-03 21:54 - 2014-03-03 21:54 - 01145344 _____ (Farbar) C:\Users\steve\Downloads\FRST.exe
2014-03-03 21:51 - 2014-03-03 21:53 - 00002278 _____ () C:\Users\steve\Desktop\Rkill.txt
2014-03-03 21:51 - 2014-03-03 21:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.exe
2014-03-03 20:52 - 2014-03-03 20:52 - 00000000 ____D () C:\_OTL
2014-03-02 16:21 - 2014-03-02 16:21 - 00688992 ____R (Swearware) C:\Users\steve\Downloads\dds(1).scr
2014-03-02 16:18 - 2014-03-02 16:18 - 00009133 _____ () C:\Users\steve\Downloads\hijackthis.log
2014-03-02 16:14 - 2014-03-02 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\steve\Downloads\HiJackThis(1).exe
2014-03-02 15:56 - 2014-03-02 15:56 - 00047866 _____ () C:\Users\steve\Downloads\Extras.Txt
2014-03-02 15:55 - 2014-03-02 15:55 - 00277436 _____ () C:\Users\steve\Downloads\OTL.Txt
2014-03-02 15:45 - 2014-03-02 15:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\steve\Desktop\HiJackThis.exe
2014-03-02 15:42 - 2014-03-02 15:42 - 00602112 _____ (OldTimer Tools) C:\Users\steve\Desktop\OTL.exe
2014-03-02 15:29 - 2014-03-02 15:29 - 00688992 _____ (Swearware) C:\Users\steve\Downloads\dds.scr
2014-03-02 15:24 - 2014-03-02 15:24 - 00000000 ____D () C:\Users\steve\AppData\Local\CUSTPDF Writer
2014-03-02 15:12 - 2014-03-02 15:12 - 00000000 ____D () C:\Users\steve\AppData\Local\CutePDF Writer
2014-03-02 15:00 - 2014-03-03 07:31 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-03-02 15:00 - 2014-03-02 15:00 - 01298104 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup(1).exe
2014-03-02 15:00 - 2014-03-02 15:00 - 00000000 ____D () C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-03-02 14:59 - 2014-03-03 21:00 - 00000084 _____ () C:\Users\steve\AppData\Roaming\WB.CFG
2014-03-02 14:59 - 2014-03-03 20:00 - 00003236 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B
2014-03-02 14:51 - 2014-03-03 21:00 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-02 14:51 - 2014-03-02 15:03 - 00000000 ____D () C:\Users\steve\AppData\Roaming\systweak
2014-03-02 14:51 - 2014-03-02 15:00 - 00003236 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-03-02 14:51 - 2014-03-02 14:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\DigitalSites
2014-03-02 14:51 - 2014-03-02 14:51 - 00000000 ____D () C:\Program Files\PDFCreator
2014-03-02 14:51 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-02 14:51 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-03-02 14:50 - 2014-03-02 14:50 - 01298104 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup (1).exe
2014-03-02 14:47 - 2014-03-02 14:47 - 01298000 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup.exe
2014-03-02 14:47 - 2014-03-02 14:47 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Opera Software
2014-03-02 14:47 - 2014-03-02 14:47 - 00000000 ____D () C:\Users\steve\AppData\Local\Opera Software
2014-03-02 14:46 - 2014-03-02 15:00 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-02 14:46 - 2014-03-02 14:46 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-03-02 14:46 - 2014-03-02 14:46 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-03-02 14:46 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-03-02 14:45 - 2014-03-02 14:45 - 02003672 _____ (Acro Software Inc. ) C:\Users\steve\Downloads\CuteWriter.exe
2014-02-17 20:45 - 2014-02-17 20:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-17 20:44 - 2014-02-17 20:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-17 20:44 - 2014-02-17 20:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-17 20:44 - 2014-02-17 20:44 - 00000000 ____D () C:\ProgramData\Sun
2014-02-17 20:42 - 2014-02-17 20:42 - 00921000 _____ (Oracle Corporation) C:\Users\steve\Downloads\jxpiinstall.exe
2014-02-14 16:38 - 2014-02-14 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 09:27 - 2013-12-21 09:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 09:27 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 09:26 - 2014-02-06 12:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 09:26 - 2014-02-06 11:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 09:26 - 2014-02-06 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 09:26 - 2014-02-06 11:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 09:26 - 2014-02-06 11:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 09:26 - 2014-02-06 11:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 09:26 - 2014-02-06 10:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 09:26 - 2014-02-06 10:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 09:26 - 2014-02-06 10:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 09:26 - 2014-02-06 10:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 09:26 - 2014-02-06 10:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 09:26 - 2014-02-06 10:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 09:26 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 09:26 - 2014-02-06 10:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 09:26 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 09:26 - 2014-02-06 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 09:26 - 2014-02-06 10:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 09:26 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 09:26 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 09:26 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 09:26 - 2014-02-06 09:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 09:26 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 09:26 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 09:26 - 2014-02-06 09:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 09:26 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 09:26 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 09:26 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 09:26 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 09:26 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 09:26 - 2014-02-06 09:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 09:26 - 2014-02-06 09:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 09:26 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 09:26 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 09:26 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 09:26 - 2014-02-06 08:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 09:26 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 09:26 - 2014-02-06 08:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 09:26 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 09:26 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 09:13 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:13 - 2013-12-31 23:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:13 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:13 - 2013-12-24 22:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:13 - 2013-12-06 02:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:13 - 2013-12-06 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:13 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:13 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:13 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:13 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:13 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:13 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:13 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:13 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:13 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:13 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:13 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:13 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:13 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:13 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:13 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:13 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:13 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:13 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:13 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:13 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:13 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:13 - 2013-11-22 22:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 23:28 - 2014-02-08 23:28 - 01071000 _____ (Solid State Networks) C:\Users\steve\Downloads\install_flashplayer12x32_mssd_aaa_aih(2).exe
2014-02-08 23:27 - 2014-02-08 23:27 - 01069920 _____ (Solid State Networks) C:\Users\steve\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-02-08 23:26 - 2014-02-08 23:26 - 01071000 _____ (Solid State Networks) C:\Users\steve\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-08 23:22 - 2014-02-11 22:06 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Audacity
2014-02-08 23:22 - 2014-02-08 23:22 - 00000974 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-02-08 23:22 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-02-08 23:21 - 2014-02-08 23:21 - 22180353 _____ (Audacity Team ) C:\Users\steve\Downloads\audacity-win-2.0.5.exe

==================== One Month Modified Files and Folders =======

2014-03-03 21:55 - 2014-03-03 21:55 - 00012840 _____ () C:\Users\steve\Downloads\FRST.txt
2014-03-03 21:55 - 2014-03-03 21:55 - 00000000 ____D () C:\FRST
2014-03-03 21:54 - 2014-03-03 21:54 - 02156544 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2014-03-03 21:54 - 2014-03-03 21:54 - 01145344 _____ (Farbar) C:\Users\steve\Downloads\FRST.exe
2014-03-03 21:53 - 2014-03-03 21:51 - 00002278 _____ () C:\Users\steve\Desktop\Rkill.txt
2014-03-03 21:51 - 2014-03-03 21:51 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.exe
2014-03-03 21:37 - 2009-07-14 05:13 - 00006450 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 21:35 - 2013-10-13 08:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 21:33 - 2012-10-31 21:36 - 01513534 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 21:25 - 2009-07-14 04:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 21:25 - 2009-07-14 04:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 21:19 - 2013-04-13 15:00 - 00000000 ___RD () C:\Users\steve\Dropbox
2014-03-03 21:19 - 2013-04-13 14:58 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Dropbox
2014-03-03 21:19 - 2013-02-11 11:25 - 00000000 ___RD () C:\Users\steve\Google Drive
2014-03-03 21:18 - 2014-01-01 17:26 - 00002318 _____ () C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
2014-03-03 21:18 - 2014-01-01 17:26 - 00001312 _____ () C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job
2014-03-03 21:18 - 2014-01-01 17:25 - 00002042 _____ () C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job
2014-03-03 21:18 - 2013-01-30 17:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 21:18 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 21:18 - 2009-07-14 04:51 - 00108372 _____ () C:\Windows\setupact.log
2014-03-03 21:13 - 2013-01-30 17:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 21:00 - 2014-03-02 14:59 - 00000084 _____ () C:\Users\steve\AppData\Roaming\WB.CFG
2014-03-03 21:00 - 2014-03-02 14:51 - 00000292 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-03 20:52 - 2014-03-03 20:52 - 00000000 ____D () C:\_OTL
2014-03-03 20:00 - 2014-03-02 14:59 - 00003236 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-03 07:31 - 2014-03-02 15:00 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-03-03 07:31 - 2012-10-31 21:31 - 00153630 _____ () C:\Windows\PFRO.log
2014-03-02 20:51 - 2012-11-04 16:58 - 00000000 ____D () C:\Users\steve\AppData\Roaming\SoftGrid Client
2014-03-02 16:21 - 2014-03-02 16:21 - 00688992 ____R (Swearware) C:\Users\steve\Downloads\dds(1).scr
2014-03-02 16:18 - 2014-03-02 16:18 - 00009133 _____ () C:\Users\steve\Downloads\hijackthis.log
2014-03-02 16:18 - 2012-10-31 22:50 - 00000000 ____D () C:\Users\steve\AppData\Local\VirtualStore
2014-03-02 16:14 - 2014-03-02 16:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\steve\Downloads\HiJackThis(1).exe
2014-03-02 15:56 - 2014-03-02 15:56 - 00047866 _____ () C:\Users\steve\Downloads\Extras.Txt
2014-03-02 15:55 - 2014-03-02 15:55 - 00277436 _____ () C:\Users\steve\Downloads\OTL.Txt
2014-03-02 15:45 - 2014-03-02 15:45 - 00388608 _____ (Trend Micro Inc.) C:\Users\steve\Desktop\HiJackThis.exe
2014-03-02 15:42 - 2014-03-02 15:42 - 00602112 _____ (OldTimer Tools) C:\Users\steve\Desktop\OTL.exe
2014-03-02 15:29 - 2014-03-02 15:29 - 00688992 _____ (Swearware) C:\Users\steve\Downloads\dds.scr
2014-03-02 15:24 - 2014-03-02 15:24 - 00000000 ____D () C:\Users\steve\AppData\Local\CUSTPDF Writer
2014-03-02 15:12 - 2014-03-02 15:12 - 00000000 ____D () C:\Users\steve\AppData\Local\CutePDF Writer
2014-03-02 15:03 - 2014-03-02 14:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\systweak
2014-03-02 15:03 - 2010-04-08 08:27 - 00037334 _____ () C:\Windows\DPINST.LOG
2014-03-02 15:02 - 2014-01-01 17:26 - 00000000 ____D () C:\Program Files (x86)\Nokia
2014-03-02 15:00 - 2014-03-02 15:00 - 01298104 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup(1).exe
2014-03-02 15:00 - 2014-03-02 15:00 - 00000000 ____D () C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-03-02 15:00 - 2014-03-02 14:51 - 00003236 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-03-02 15:00 - 2014-03-02 14:46 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-02 14:59 - 2014-01-01 18:14 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Nokia Suite
2014-03-02 14:59 - 2014-01-01 18:14 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Nokia
2014-03-02 14:59 - 2014-01-01 17:29 - 00000000 ____D () C:\ProgramData\Nokia
2014-03-02 14:52 - 2014-03-02 14:52 - 00000000 ____D () C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B
2014-03-02 14:51 - 2014-03-02 14:51 - 00000000 ____D () C:\Users\steve\AppData\Roaming\DigitalSites
2014-03-02 14:51 - 2014-03-02 14:51 - 00000000 ____D () C:\Program Files\PDFCreator
2014-03-02 14:51 - 2012-10-31 22:51 - 00058016 _____ () C:\Users\steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-02 14:50 - 2014-03-02 14:50 - 01298104 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup (1).exe
2014-03-02 14:47 - 2014-03-02 14:47 - 01298000 _____ ( ) C:\Users\steve\Downloads\PDFCreatorSetup.exe
2014-03-02 14:47 - 2014-03-02 14:47 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Opera Software
2014-03-02 14:47 - 2014-03-02 14:47 - 00000000 ____D () C:\Users\steve\AppData\Local\Opera Software
2014-03-02 14:46 - 2014-03-02 14:46 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-03-02 14:46 - 2014-03-02 14:46 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-03-02 14:45 - 2014-03-02 14:45 - 02003672 _____ (Acro Software Inc. ) C:\Users\steve\Downloads\CuteWriter.exe
2014-03-01 09:14 - 2012-11-03 10:50 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-02-22 16:25 - 2013-01-21 22:02 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Ableton
2014-02-22 12:35 - 2013-10-13 08:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 12:35 - 2012-12-01 22:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-22 12:35 - 2012-12-01 22:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 20:45 - 2014-02-17 20:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-17 20:44 - 2014-02-17 20:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-17 20:44 - 2014-02-17 20:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-17 20:44 - 2014-02-17 20:44 - 00000000 ____D () C:\ProgramData\Sun
2014-02-17 20:44 - 2010-04-08 08:14 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-17 20:44 - 2010-04-08 08:14 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-17 20:44 - 2010-04-08 08:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-17 20:42 - 2014-02-17 20:42 - 00921000 _____ (Oracle Corporation) C:\Users\steve\Downloads\jxpiinstall.exe
2014-02-17 18:08 - 2013-01-30 17:12 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 18:08 - 2013-01-30 17:12 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 07:28 - 2013-08-21 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 07:21 - 2012-11-15 21:11 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 08:36 - 2013-01-22 21:39 - 00000000 ____D () C:\Program Files\CheckPoint
2014-02-15 08:36 - 2013-01-22 21:26 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-02-15 07:46 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-14 17:33 - 2012-12-01 22:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 16:38 - 2014-02-14 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 11:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-02-11 22:06 - 2014-02-08 23:22 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Audacity
2014-02-08 23:28 - 2014-02-08 23:28 - 01071000 _____ (Solid State Networks) C:\Users\steve\Downloads\install_flashplayer12x32_mssd_aaa_aih(2).exe
2014-02-08 23:27 - 2014-02-08 23:27 - 01069920 _____ (Solid State Networks) C:\Users\steve\Downloads\install_reader11_en_mssd_aaa_aih(1).exe
2014-02-08 23:26 - 2014-02-08 23:26 - 01071000 _____ (Solid State Networks) C:\Users\steve\Downloads\install_flashplayer12x32_mssa_aaa_aih.exe
2014-02-08 23:22 - 2014-02-08 23:22 - 00000974 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-02-08 23:22 - 2014-02-08 23:22 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-02-08 23:21 - 2014-02-08 23:21 - 22180353 _____ (Audacity Team ) C:\Users\steve\Downloads\audacity-win-2.0.5.exe
2014-02-06 12:16 - 2014-02-12 09:26 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 11:30 - 2014-02-12 09:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 11:30 - 2014-02-12 09:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 - 2014-02-12 09:26 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 11:07 - 2014-02-12 09:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 11:06 - 2014-02-12 09:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 09:26 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 10:56 - 2014-02-12 09:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 10:52 - 2014-02-12 09:26 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 10:49 - 2014-02-12 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 10:48 - 2014-02-12 09:26 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 10:48 - 2014-02-12 09:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 10:38 - 2014-02-12 09:26 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 10:32 - 2014-02-12 09:26 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 10:20 - 2014-02-12 09:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 10:17 - 2014-02-12 09:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 10:11 - 2014-02-12 09:26 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 10:01 - 2014-02-12 09:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 10:00 - 2014-02-12 09:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-12 09:26 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 09:57 - 2014-02-12 09:26 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:52 - 2014-02-12 09:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 09:52 - 2014-02-12 09:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 09:50 - 2014-02-12 09:26 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:49 - 2014-02-12 09:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 09:47 - 2014-02-12 09:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 09:46 - 2014-02-12 09:26 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 09:25 - 2014-02-12 09:26 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 09:25 - 2014-02-12 09:26 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 09:24 - 2014-02-12 09:26 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 09:22 - 2014-02-12 09:26 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 09:13 - 2014-02-12 09:26 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 09:09 - 2014-02-12 09:26 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 09:03 - 2014-02-12 09:26 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 08:55 - 2014-02-12 09:26 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:41 - 2014-02-12 09:26 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 08:40 - 2014-02-12 09:26 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 08:36 - 2014-02-12 09:26 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 08:34 - 2014-02-12 09:26 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 09:36

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2014 01
Ran by steve at 2014-03-03 21:56:01
Running from C:\Users\steve\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ableton Live 8 (HKLM-x32\...\{DF0C0EB1-6940-4B18-A3AB-014F28A5028C}) (Version: 8.0.0.0 - Ableton)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mysearchdial (HKLM-x32\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Creator Packages (HKCU\...\PDF Creator Packages) (Version:  - ) <==== ATTENTION
PDF Creator Packages 95 (HKCU\...\PDF Creator Packages 95) (Version:  - ) <==== ATTENTION
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for PDF Creator (HKCU\...\Digital Sites) (Version:  - Update for PDF Creator) <==== ATTENTION
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
weDownload Manager Pro (HKLM-x32\...\weDownload Manager Pro) (Version: 1.31.153.0 - weDownload) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

22-02-2014 09:39:17 Windows Update
25-02-2014 09:16:13 Windows Update
26-02-2014 10:05:21 Windows Update
02-03-2014 15:01:07 Removed Nokia Connectivity Cable Driver
02-03-2014 15:02:39 Removed PC Connectivity Solution
02-03-2014 15:45:42 OTL Restore Point - 3/2/2014 3:45:42 PM
03-03-2014 20:52:33 OTL Restore Point - 3/3/2014 8:52:30 PM

==================== Hosts content: ==========================

2009-07-14 02:34 - 2014-03-03 20:52 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0A1E41C3-AC17-417A-A3DC-753CF2B0AD96} - System32\Tasks\steve Local Autobackup => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe
Task: {1CA61FE7-755A-4045-9B67-8163B6DCAD34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {2CB2C898-0685-49B3-A8DC-336FDC2C93D6} - System32\Tasks\weDownload Manager Pro-firefoxinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {369A1117-5E68-463E-BACA-65378F25E2C8} - System32\Tasks\{2F85A1A9-FF9F-4214-A618-310078343588} => E:\Ableton Live 8.0.4\Setup.exe
Task: {4C006C5E-EB90-4809-AE3F-C1773F2C45AA} - System32\Tasks\MySearchDial => C:\Users\steve\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5273CB74-0288-42FD-895B-4945196AD7DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-22] (Adobe Systems Incorporated)
Task: {5BD1008B-B10A-4F6C-AF60-611C7B408649} - System32\Tasks\{15B2F29B-B86D-4625-B5AC-32F84B77E457} => E:\Ableton Live 8.0.4\Setup.exe
Task: {6969A5C0-A822-4B0C-B2DA-610987F9AF1D} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {97146958-EF9B-48BA-AEE7-007F3F487BCD} - System32\Tasks\{C8B69739-43B7-4236-9F2C-A70BD6374B1A} => E:\Ableton Live 8.0.4\Setup.exe
Task: {A88FE090-4643-4BFD-97D8-A4039F049464} - System32\Tasks\{6C91A556-ED0D-4953-AB2C-648AC45F63A1} => E:\Ableton Live 8.0.4\Setup.exe
Task: {B25B5D83-3EC9-4B16-9CA7-CC5715DD41A1} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {B5582603-C903-4480-A9BD-4A83263D5772} - System32\Tasks\Digital Sites => C:\Users\steve\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {D71F9914-5F0D-4BE6-AD1C-5361BD108F21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-30] (Google Inc.)
Task: {FF237B27-96CB-4244-8B08-E2CDCFB1F900} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\steve\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-03-02 14:51 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-03-02 14:46 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll
2014-02-26 05:19 - 2014-02-26 05:19 - 00111904 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2014-03-02 16:00 - 2014-03-02 16:00 - 00111904 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\steve\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-03 21:19 - 2014-03-03 21:19 - 00098816 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32api.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00110080 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\pywintypes27.dll
2014-03-03 21:19 - 2014-03-03 21:19 - 00364544 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\pythoncom27.dll
2014-03-03 21:19 - 2014-03-03 21:19 - 00044032 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_socket.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 01157120 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_ssl.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00320512 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32com.shell.shell.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00712192 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_hashlib.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 01175040 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._core_.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00805888 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._gdi_.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00811008 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._windows_.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 01062400 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._controls_.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00735232 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._misc_.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00128512 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_elementtree.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00127488 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\pyexpat.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00557056 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\pysqlite2._sqlite.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00087040 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_ctypes.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00119808 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32file.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00108544 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32security.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00018432 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32event.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00038912 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32inet.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00122368 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._wizard.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00070656 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\wx._html2.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00026624 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\_multiprocessing.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00010240 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\select.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00024064 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32pipe.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00686080 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\unicodedata.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00025600 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32pdh.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00525640 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\windows._lib_cacheinvalidation.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00011264 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32crypt.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00035840 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32process.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00017408 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32profile.pyd
2014-03-03 21:19 - 2014-03-03 21:19 - 00022528 _____ () C:\Users\steve\AppData\Local\Temp\_MEI26042\win32ts.pyd
2014-02-14 16:38 - 2014-02-14 16:38 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-22 12:35 - 2014-02-22 12:35 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2014 09:37:17 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/03/2014 09:37:17 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/03/2014 08:53:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/03/2014 08:53:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2836457

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2836457

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/03/2014 07:34:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/03/2014 07:34:55 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/02/2014 03:00:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 27.0.1.5156, time stamp: 0x52fc0fcf
Faulting module name: mozalloc.dll, version: 27.0.1.5156, time stamp: 0x52fbe972
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x1b68
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (03/03/2014 08:52:18 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/02/2014 02:57:44 PM) (Source: Service Control Manager) (User: )
Description: The Update FindRight service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/25/2014 09:16:37 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/22/2014 09:39:46 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/22/2014 09:39:46 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/22/2014 09:39:45 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (02/17/2014 08:40:58 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user steve-TOSH\steve (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/17/2014 08:40:36 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/17/2014 08:40:34 PM) (Source: DCOM) (User: )
Description: {C332C124-340D-4430-AA0D-C75602876FCC}

Error: (02/17/2014 07:42:03 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}


Microsoft Office Sessions:
=========================
Error: (03/03/2014 09:37:17 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/03/2014 09:37:17 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (03/03/2014 08:53:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/03/2014 08:53:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2836457

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2836457

Error: (03/03/2014 08:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/03/2014 07:34:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/03/2014 07:34:55 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (03/02/2014 03:00:46 PM) (Source: Application Error)(User: )
Description: plugin-container.exe27.0.1.515652fc0fcfmozalloc.dll27.0.1.515652fbe972800000030000119c1b6801cf36282f92a4a9C:\PROGRA~2\MOZILL~1\plugin-container.exeC:\PROGRA~2\MOZILL~1\mozalloc.dll6ec0a0e3-a21b-11e3-a0ed-00266c7c64f6


CodeIntegrity Errors:
===================================
  Date: 2014-02-15 07:45:57.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-15 07:45:56.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-15 07:34:26.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-15 07:34:26.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-15 07:28:25.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-15 07:28:24.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-14 17:49:02.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-14 17:49:01.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-14 17:42:21.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\AK\icsak.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-14 17:42:20.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 2939.97 MB
Available physical RAM: 909 MB
Total Pagefile: 5878.12 MB
Available Pagefile: 3641.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:148.81 GB) (Free:88.42 GB) NTFS
Drive d: (Data) (Fixed) (Total:148.88 GB) (Free:141.97 GB) NTFS
Drive f: (MyBook) (Fixed) (Total:465.76 GB) (Free:282.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 420C2042)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Stephen.M.Higgins

#6 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 03 March 2014 - 04:45 PM

Running from C:\Users\steve\Downloads
Locate FRST, right click and select copy, please go to desktop, right click and select paste.


Open notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow)
 

start
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO-x32: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll (FindRight)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~2\MYSEAR~1\1821~1.0\bh\mysearchdial.dll No File
FF user.js: detected! => C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF Plugin-x32: @checkpoint.com/FFApi- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF SearchPlugin: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\searchplugins\Mysearchdial.xml
FF Extension: weDownload Manager Pro - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com [2014-02-09]
FF Extension: MySearchDial NewTab - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-03-02]
FF Extension: FindRight - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-26]
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: ( "name": "Mysearchdial") - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.
"http://start.mysearc...=1085628055&ir=" ], No File
CHR Extension: (weDownload Manager Pro) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-01-01]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\steve\AppData\Local\Smartbar/Application\1Extension.crx [2013-02-01]
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [111904 2014-02-26] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [111904 2014-03-02] ()
R2 Update FindRight
R2 Util FindRight
C:\Program Files (x86)\FindRight
C:\Users\steve\AppData\Roaming\systweak
C:\Windows\System32\Tasks\MySearchDial
2014-03-02 14:51 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
Mysearchdial (HKLM-x32\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
Task: {2CB2C898-0685-49B3-A8DC-336FDC2C93D6} - System32\Tasks\weDownload Manager Pro-firefoxinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {4C006C5E-EB90-4809-AE3F-C1773F2C45AA} - System32\Tasks\MySearchDial => C:\Users\steve\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6969A5C0-A822-4B0C-B2DA-610987F9AF1D} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {B25B5D83-3EC9-4B16-9CA7-CC5715DD41A1} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {B5582603-C903-4480-A9BD-4A83263D5772} - System32\Tasks\Digital Sites => C:\Users\steve\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\steve\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe <==== ATTENTION
2014-02-26 05:19 - 2014-02-26 05:19 - 00111904 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2014-03-02 16:00 - 2014-03-02 16:00 - 00111904 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.



Your computer should reboot after the following instructions, if not please reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please post:
fixlist.txt
C:\AdwCleaner[S1].txt
JRT.txt


How's your computer now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#7 h1gg1

h1gg1

    Authentic Member

  • Authentic Member
  • 123 posts

Posted 05 March 2014 - 03:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014
Ran by steve at 2014-03-05 21:10:51 Run:1
Running from C:\Users\steve\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1085628055&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
BHO-x32: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files (x86)\FindRight\FindRightbho.dll (FindRight)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~2\MYSEAR~1\1821~1.0\bh\mysearchdial.dll No File
FF user.js: detected! => C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\user.js
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1085628055&ir=
FF Plugin-x32: @checkpoint.com/FFApi- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF SearchPlugin: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\searchplugins\Mysearchdial.xml
FF Extension: weDownload Manager Pro - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com [2014-02-09]
FF Extension: MySearchDial NewTab - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-03-02]
FF Extension: FindRight - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-26]
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: ( "name": "Mysearchdial") - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.
"http://start.mysearc...=1085628055&ir=" ], No File
CHR Extension: (weDownload Manager Pro) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-01-01]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\steve\AppData\Local\Smartbar/Application\1Extension.crx [2013-02-01]
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [111904 2014-02-26] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [111904 2014-03-02] ()
R2 Update FindRight
R2 Util FindRight
C:\Program Files (x86)\FindRight
C:\Users\steve\AppData\Roaming\systweak
C:\Windows\System32\Tasks\MySearchDial
2014-03-02 14:51 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
Mysearchdial (HKLM-x32\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
Task: {2CB2C898-0685-49B3-A8DC-336FDC2C93D6} - System32\Tasks\weDownload Manager Pro-firefoxinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {4C006C5E-EB90-4809-AE3F-C1773F2C45AA} - System32\Tasks\MySearchDial => C:\Users\steve\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6969A5C0-A822-4B0C-B2DA-610987F9AF1D} - System32\Tasks\weDownload Manager Pro-chromeinstaller => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {B25B5D83-3EC9-4B16-9CA7-CC5715DD41A1} - System32\Tasks\weDownload Manager Pro-codedownloader => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2014-01-01] (weDownload) <==== ATTENTION
Task: {B5582603-C903-4480-A9BD-4A83263D5772} - System32\Tasks\Digital Sites => C:\Users\steve\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\steve\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe <==== ATTENTION
2014-02-26 05:19 - 2014-02-26 05:19 - 00111904 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2014-03-02 16:00 - 2014-03-02 16:00 - 00111904 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
Reboot:
end
*****************

"c:\\progra~3\\browse~1\\261040~1.25\\{c16c1~1\\browse~1.dll" => Value Data removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2c774641-5504-46a8-b63f-6715ae3fe376} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2c774641-5504-46a8-b63f-6715ae3fe376} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} => Key deleted successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\user.js => Moved successfully.
Firefox homepage deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @checkpoint.com/FFApi- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File => Key not found.
FF Plugin-x32: @checkpoint.com/FFApi- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File not found.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com => Moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} => Moved successfully.
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => Moved successfully.
CHR DefaultSearchProvider: "name": "Mysearchdial" ==> The Chrome "Settings" can be used to fix the entry.
CHR Plugin: ( "name": "Mysearchdial") - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110. not found.
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl => Key deleted successfully.
"C:\Users\steve\AppData\Local\Smartbar/Application\1Extension.crx" => File/Directory not found.
Update FindRight => Unable to stop service
Update FindRight => Service deleted successfully.
Util FindRight => Unable to stop service
Util FindRight => Service deleted successfully.
C:\Program Files (x86)\FindRight => Moved successfully.
C:\Users\steve\AppData\Roaming\systweak => Moved successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2CB2C898-0685-49B3-A8DC-336FDC2C93D6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CB2C898-0685-49B3-A8DC-336FDC2C93D6} => Key deleted successfully.
C:\Windows\System32\Tasks\weDownload Manager Pro-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C006C5E-EB90-4809-AE3F-C1773F2C45AA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C006C5E-EB90-4809-AE3F-C1773F2C45AA} => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6969A5C0-A822-4B0C-B2DA-610987F9AF1D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6969A5C0-A822-4B0C-B2DA-610987F9AF1D} => Key deleted successfully.
C:\Windows\System32\Tasks\weDownload Manager Pro-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B25B5D83-3EC9-4B16-9CA7-CC5715DD41A1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B25B5D83-3EC9-4B16-9CA7-CC5715DD41A1} => Key deleted successfully.
C:\Windows\System32\Tasks\weDownload Manager Pro-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5582603-C903-4480-A9BD-4A83263D5772} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5582603-C903-4480-A9BD-4A83263D5772} => Key deleted successfully.
C:\Windows\System32\Tasks\Digital Sites => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites => Key deleted successfully.
C:\Windows\Tasks\Digital Sites.job => Moved successfully.
C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job => Moved successfully.
C:\Windows\Tasks\weDownload Manager Pro-firefoxinstaller.job => Moved successfully.
"C:\Program Files (x86)\FindRight\updateFindRight.exe" => File/Directory not found.
"C:\Program Files (x86)\FindRight\bin\utilFindRight.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

 

# AdwCleaner v3.020 - Report created 05/03/2014 at 21:19:22
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : steve - STEVE-TOSH
# Running from : C:\Users\steve\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Bcool
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Search Results Toolbar
Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Program Files (x86)\Bcool
Folder Deleted : C:\Users\steve\AppData\Local\torch
Folder Deleted : C:\Users\steve\AppData\Local\Wajam
Folder Deleted : C:\Users\steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\steve\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\steve\AppData\Roaming\DigitalSites
File Deleted : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKCU\Software\5a55d8dfe03db843
Key Deleted : HKLM\SOFTWARE\5a55d8dfe03db843
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\xa5ui7qh.default-1388601918661\prefs.js ]

Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0000 (GMT Standard T[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Sun Mar 09 2014 09:00:23 GMT+0000 (GMT Standar[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22GB%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Thu Mar 06 2014 21:01:55 GMT+0000 (GMT Standard T[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "14351b86d33e5ee71f7777e6cc7013b6");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites0301");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1085628055");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "1C659D1CEBFFD1D2");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16131");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0DtC0C0E0B0F0F0DtC0DtBtN0D0Tzu0SyBzytBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:0:27");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup
Deleted : homepage

*************************

AdwCleaner[R0].txt - [12880 octets] - [05/03/2014 21:18:47]
AdwCleaner[S0].txt - [12082 octets] - [05/03/2014 21:19:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12143 octets] ##########
 

Could not run Junkware removal tool due to 'a temporary outage' ???

Mozilla Firefox is back - however within the search bar it reads Amazon.com in light grey text and any search I do directs me to a search of the Amazon website ??? Can't seem to get rid of this - is this another search page hijacker???


Stephen.M.Higgins

#8 h1gg1

Posted 05 March 2014 - 03:48 PM

I've sorted the Amazon issue!!



#9 Juliet

Posted 05 March 2014 - 03:56 PM

search dial is still hijacking my browser

Is this still happening?

Don't worry about Junkware removal tool.


Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#10 h1gg1

Posted 05 March 2014 - 04:09 PM

Managed to run JRT - here is the log.

I will follow the latest instructions and post TXT docs.

Things are already much better - you can tell you've done this kinda stuff before!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by steve on 05/03/2014 at 21:51:22.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup(1)_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\steve\AppData\Roaming\mozilla\firefox\profiles\xa5ui7qh.default-1388601918661\minidumps [47 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/03/2014 at 21:58:30.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#11 Juliet

Posted 05 March 2014 - 04:11 PM

Things are already much better - you can tell you've done this kinda stuff before!!

ahhh, just a little bit.

anxious to see your logs.

#12 h1gg1

Posted 06 March 2014 - 03:04 PM

Mysearchdial seems to have been remedied - back on Mozilla.

ESET scan as follows:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bcool\sprotector.dll.vir    a variant of Win32/SProtector.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\43628.crx.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\43628.xpi.vir    JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\utils.exe.vir    Win32/Toolbar.CrossRider.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil.exe.vir    probably a variant of Win32/Toolbar.CrossRider.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.dll.vir    probably a variant of Win64/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.exe.vir    a variant of Win64/Toolbar.Crossrider.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe.vir    a variant of Win32/Toolbar.CrossRider.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe.vir    a variant of Win32/Toolbar.CrossRider.T potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe.vir    a variant of Win32/Toolbar.CrossRider.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Bcool\50eb4883a864b.dll.vir    Win32/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Users\steve\AppData\Local\torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BabylonChromeToolBar.dll.vir    a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\steve\AppData\Local\torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_0\BUSolution.dll.vir    a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\steve\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Creator Packages\uninstaller.exe.vir    Win32/InstallCore.AZ potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\102_dealply_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\103_intext_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\104_jollywallet_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\105_corticas_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\108_icm_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\117_coupons_intext_ads_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\119_similar_web_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\120_luck_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\123_intext_adv_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\124_superfish_no_search_no_coupons_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\125_arcadi2_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\126_revizer_ws_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\127_revizer_p_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\128_superfish_pricora_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\135_arcadi3_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\138_getdeal_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\141_corticas_ru_m.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\142_intext_fa_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\155_ibario_pops_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\158_50onred_ads_only_no_fb_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\159_cortica_rollover_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\171_arcadi2_sourceID_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\175_coolmirage_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\178_revizer_ws_dynamic_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\179_revizer_p_dynamic_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\180_bpo_serp_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\184_noproblemppc_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\189_active_sanity.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\190_pops_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\191_ciuvo_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\194_retargeting_bi_m.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\215_quicklizard_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\217_similar_products_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\223_imonomy_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\224_beacon_pops_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\91_monetizationLoader.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com05-03-2014_21-10-51\extensionData\plugins\93_superfish_no_coupons_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\FindRight05-03-2014_21-11-01\FindRightBHO.dll    a variant of Win32/BrowseFox.F potentially unwanted application
C:\FRST\Quarantine\FindRight05-03-2014_21-11-01\FindRightUninstall.exe    Win32/BrowseFox.C potentially unwanted application
C:\FRST\Quarantine\FindRight05-03-2014_21-11-01\updateFindRight.exe    a variant of Win32/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\FindRight05-03-2014_21-11-01\bin\FindRightBrowserFilter.exe    a variant of MSIL/BrowseFox.B potentially unwanted application
C:\FRST\Quarantine\FindRight05-03-2014_21-11-01\bin\utilFindRight.exe    a variant of Win32/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\102_dealply_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\103_intext_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\104_jollywallet_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\105_corticas_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\108_icm_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\117_coupons_intext_ads_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\119_similar_web_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\120_luck_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\123_intext_adv_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\125_arcadi2_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\126_revizer_ws_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\127_revizer_p_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\128_superfish_pricora_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\135_arcadi3_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\138_getdeal_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\141_corticas_ru_m.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\142_intext_fa_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\155_ibario_pops_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\159_cortica_rollover_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\171_arcadi2_sourceID_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\175_coolmirage_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\178_revizer_ws_dynamic_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\179_revizer_p_dynamic_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\180_bpo_serp_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\184_noproblemppc_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\189_active_sanity.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\190_pops_5_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\191_ciuvo_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\194_retargeting_bi_m.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\91_monetizationLoader.js.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\kikjpgpbpnapbimplfcbcbakjacpgceb05-03-2014_21-10-51\1.25.32_0\extensionData\plugins\93_superfish_no_coupons_m.js    JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B\PDF Creator Packages\uninstaller.exe    Win32/InstallCore.AZ potentially unwanted application
C:\Users\steve\Downloads\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\steve\Downloads\PDFCreatorSetup (1).exe    a variant of Win32/InstallCore.KT potentially unwanted application
C:\Users\steve\Downloads\PDFCreatorSetup(1).exe    a variant of Win32/InstallCore.KT potentially unwanted application
C:\Users\steve\Downloads\PDFCreatorSetup.exe    a variant of Win32/InstallCore.KT potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll    probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll    a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll    a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\_OTL\MovedFiles\03032014_205217\C_Users\steve\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe    a variant of Win32/DealPly.O potentially unwanted application
 



#13 Juliet

Posted 06 March 2014 - 03:13 PM

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)
 

start
C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B\PDF Creator Packages\uninstaller.exe
C:\Users\steve\Downloads\CuteWriter.exe
C:\Users\steve\Downloads\PDFCreatorSetup (1).exe
C:\Users\steve\Downloads\PDFCreatorSetup(1).exe
C:\Users\steve\Downloads\PDFCreatorSetup.exe
Reboot:
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


please post these 2 logs.

#14 h1gg1


Posted 06 March 2014 - 04:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by steve at 2014-03-06 22:34:58 Run:2
Running from C:\Users\steve\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B\PDF Creator Packages\uninstaller.exe
C:\Users\steve\Downloads\CuteWriter.exe
C:\Users\steve\Downloads\PDFCreatorSetup (1).exe
C:\Users\steve\Downloads\PDFCreatorSetup(1).exe
C:\Users\steve\Downloads\PDFCreatorSetup.exe
Reboot:
end
*****************

C:\Users\steve\AppData\Roaming\0D0S1L2Z1P1B\PDF Creator Packages\uninstaller.exe => Moved successfully.
C:\Users\steve\Downloads\CuteWriter.exe => Moved successfully.
C:\Users\steve\Downloads\PDFCreatorSetup (1).exe => Moved successfully.
C:\Users\steve\Downloads\PDFCreatorSetup(1).exe => Moved successfully.
C:\Users\steve\Downloads\PDFCreatorSetup.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
steve :: STEVE-TOSH [administrator]

Protection: Enabled

06/03/2014 22:40:30
mbam-log-2014-03-06 (22-40-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213671
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 


Stephen.M.Higgins

#15 Juliet


Posted 06 March 2014 - 05:53 PM

 

Mysearchdial seems to have been remedied - back on Mozilla.

Still?

