help with computer

[loukirkham]

shall I do the old timer scan now?

[flashh4]

Yep Louk, see all the junk/crap we removed with it !

OK great job so far, now this one will take while & it will be a long log, you will have to break it into to post it ! It will take me a couple hours to read threw it. If you have the time tonight to run it & then post i will read it tonight !

Just let it run & do it's thing !

Vista and Windows 7 users:

These tools MUST be run from the executable. (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

+++++++++++++++++

Download OldTimer to your desk top !

If you already have a copy of OTL delete it and use this version.

(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.

* Check the following.

o Scan all users.

o Standard Output.

o Lop check.

o Purity check.

* Under Extra Registry section, select Use SafeList

* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

* When finished it will produce two logs.

o OTL.txt (open on your desktop).

o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

*This may have to be broken into more than one post !

Thanks

Chuck

[loukirkham]

on: 4/30/2013 9:22:30 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.45% Memory free

7.48 Gb Paging File | 5.79 Gb Available in Paging File | 77.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.92 Gb Total Space | 586.74 Gb Free Space | 85.42% Space Free | Partition Type: NTFS

Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - [2013/04/30 20:41:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe

PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/04/02 18:02:04 | 000,305,448 | ---- | M] (Smilebox, Inc.) -- C:\Users\Admin\AppData\Roaming\Smilebox\SmileboxTray.exe

PRC - [2013/01/13 14:04:15 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/12/08 20:15:05 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

PRC - [2011/05/27 16:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

PRC - [2011/05/27 16:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/05/20 15:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe

PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/05/27 16:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll

MOD - [2011/05/27 16:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll

MOD - [2010/08/22 22:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll

MOD - [2010/08/22 22:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll

MOD - [2010/08/22 22:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll

MOD - [2010/08/22 22:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll

MOD - [2010/08/22 21:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll

MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll

MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll

MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

========== Services (SafeList) ==========

SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/03/13 11:49:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig'>http://www.google.com/ig

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS394

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/08 20:15:21 | 000,000,000 | ---D | M]

[2012/10/07 21:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)

CHR - default_search_provider: search_url = http://mystart.smilebox.com/?loc=SB_CH_DS&search={searchTerms}&a=6R8rirCRFt

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\8.bin\NPFunWeb.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\

CHR - Extension: Installation Assistant = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.21.62_0\crossrider

CHR - Extension: Installation Assistant = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.21.62_0\

CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/08/25 05:56:21 | 000,416,916 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 123fporn.info

O1 - Hosts: 14387 more lines...

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe File not found

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4107407181-1778811561-918822078-1000..\Run: [smileboxTray] C:\Users\Admin\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Suite X 3.3.lnk = File not found

O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.11.2)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.11.2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91E3383-1977-490F-BDE2-6A9AD44E9417}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 180 Days ==========

[2013/04/30 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/30 07:48:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/04/30 07:48:00 | 000,000,000 | ---D | C] -- C:\JRT

[2013/04/29 19:04:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes

[2013/04/29 19:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/29 19:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/29 19:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/29 19:04:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs

[2013/04/19 10:29:44 | 000,225,280 | ---- | C] (Leader Technologies) -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

[2013/04/19 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames Interactive

[2013/04/14 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scholastic's Clifford

[2013/04/14 18:05:29 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe

[2013/04/10 21:17:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/04/10 21:17:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/10 21:17:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/04/10 21:17:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/04/10 21:17:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/04/10 21:17:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/10 12:48:11 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/04/10 12:48:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/04/10 12:48:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/04/10 12:48:01 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/04/10 12:48:01 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/04/10 12:48:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/03/23 15:39:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Clifford Phonics

[2013/03/23 15:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scholastic's Clifford

[2013/03/23 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scholastic

[2013/03/21 17:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/04 09:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013/02/27 22:15:20 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/02/27 22:15:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/02/27 22:15:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/02/27 22:15:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/02/27 22:15:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/02/27 22:15:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/02/27 22:15:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/02/27 22:15:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/02/27 22:15:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/02/27 22:15:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/02/27 22:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/02/27 22:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/02/27 22:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/02/27 22:15:06 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/02/27 22:15:05 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/02/24 17:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/02/24 17:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/02/24 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/02/19 19:41:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\James Docs

[2013/02/17 17:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/02/17 17:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/02/13 07:14:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/02/13 07:14:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/02/13 07:14:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/02/13 07:14:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/02/13 07:14:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/25 19:10:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/25 19:10:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/25 19:10:25 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/25 19:09:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2013/01/09 16:33:38 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/09 16:33:16 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/09 16:33:16 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/09 16:33:16 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/09 16:33:16 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/09 16:33:16 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/09 16:33:16 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/09 16:33:16 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/09 16:33:16 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/09 16:33:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/09 16:33:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/09 16:33:16 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/09 16:33:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/09 16:33:15 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/09 16:33:14 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/09 16:33:14 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/09 16:33:14 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/09 16:32:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 16:32:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 16:32:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 16:32:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 16:32:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 16:32:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 16:32:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 16:32:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 16:32:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 16:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 16:32:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 16:32:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 16:32:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 16:32:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/12/21 13:43:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/21 13:43:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/12 15:03:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012/11/16 08:39:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/16 08:39:20 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/16 08:39:20 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/16 08:39:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/16 08:39:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 180 Days ==========

[2013/04/30 21:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/30 20:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/30 20:33:08 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Admin.job

[2013/04/30 20:33:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/30 20:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/30 20:32:41 | 3013,521,408 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/30 11:56:41 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2013/04/30 07:50:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Admin.job

[2013/04/29 19:04:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/29 18:54:45 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Documents\MBR.dat

[2013/04/29 05:33:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Admin.job

[2013/04/25 07:29:45 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\letter for Kate re kids.wps

[2013/04/25 07:29:45 | 000,009,092 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat

[2013/04/24 17:45:18 | 001,417,216 | ---- | M] () -- C:\Users\Admin\Documents\land poster.wps

[2013/04/21 16:34:48 | 000,000,516 | ---- | M] () -- C:\Windows\hegames.ini

[2013/04/21 15:23:00 | 000,014,848 | ---- | M] () -- C:\Users\Admin\Documents\Deacon Meeting Notes.wps

[2013/04/19 10:29:44 | 000,225,280 | ---- | M] (Leader Technologies) -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

[2013/04/19 10:29:35 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\PuttTTT.lnk

[2013/04/19 10:29:35 | 000,000,000 | ---- | M] () -- C:\Windows\PowerReg.dat

[2013/04/14 18:26:40 | 000,001,331 | ---- | M] () -- C:\Users\Public\Desktop\Clifford Learning Activities.lnk

[2013/04/14 18:15:05 | 000,000,030 | ---- | M] () -- C:\Windows\RESULT.QTW

[2013/04/14 18:12:41 | 000,000,832 | ---- | M] () -- C:\Windows\QT$INST$.~32

[2013/04/14 18:11:59 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2013/04/14 18:05:27 | 000,000,000 | ---- | M] () -- C:\Windows\setup32.INI

[2013/04/11 07:08:36 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/03/23 15:38:47 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Clifford Phonics.lnk

[2013/03/21 17:09:30 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/18 23:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/03/18 23:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/03/18 22:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/03/13 11:49:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/03/13 11:49:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/03/04 09:41:44 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013/03/03 21:00:35 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\nicene creed.wps

[2013/02/24 17:12:47 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/02/21 21:37:50 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/02/21 21:36:35 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/02/21 21:34:18 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/02/21 21:34:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/02/21 21:31:55 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/02/21 21:28:48 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/02/14 22:37:10 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/02/14 22:34:10 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/02/14 21:25:51 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/02/13 23:18:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/02/11 22:26:22 | 000,012,800 | ---- | M] () -- C:\Users\Admin\Documents\question for the team.wps

[2013/01/28 19:17:27 | 000,042,496 | ---- | M] () -- C:\Users\Admin\Documents\final version to Heather.wps

[2013/01/28 17:44:30 | 000,018,432 | ---- | M] () -- C:\Users\Admin\Documents\Alison letter response to reports.wps

[2013/01/28 09:16:22 | 000,025,088 | ---- | M] () -- C:\Users\Admin\Documents\thoughts.wps

[2013/01/27 21:58:16 | 000,028,160 | ---- | M] () -- C:\Users\Admin\Documents\reply to Heather.wps

[2013/01/13 15:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/01/13 15:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/01/13 15:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/01/13 15:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/01/13 15:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/01/13 15:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/01/13 15:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/01/13 15:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/01/13 15:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/01/13 14:08:35 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/01/13 13:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/01/13 13:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/01/13 12:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/01/13 11:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/01/13 08:26:35 | 000,002,241 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/12 04:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/12 04:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/12 04:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/11 22:59:08 | 000,001,994 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp

[2013/01/11 21:19:44 | 000,035,840 | ---- | M] () -- C:\Users\Admin\Documents\letter to Alsion.wps

[2013/01/10 14:55:20 | 000,014,848 | ---- | M] () -- C:\Users\Admin\Documents\jason avery story.wps

[2013/01/09 23:38:27 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/07 20:04:12 | 000,014,336 | ---- | M] () -- C:\Users\Admin\Documents\G CODES.wps

[2013/01/07 18:29:13 | 000,380,928 | ---- | M] () -- C:\Users\Admin\Documents\severitycomplexity modifier.wps

[2013/01/07 10:05:37 | 005,492,884 | ---- | M] () -- C:\Users\Admin\Documents\Functional_Limitation_Reporting_Webinar.pdf

[2013/01/04 00:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/01/03 22:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/03 20:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/03 20:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/03 20:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/03 20:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/12/28 19:28:11 | 000,015,872 | ---- | M] () -- C:\Users\Admin\Documents\sunday lyrics.wps

[2012/12/18 09:26:00 | 000,014,848 | ---- | M] () -- C:\Users\Admin\Documents\Christmas card list.wps

[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/12/15 08:37:26 | 000,001,830 | ---- | M] () -- C:\Users\Admin\Desktop\Smilebox.lnk

[2012/12/15 08:37:26 | 000,001,810 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk

[2012/12/14 13:17:28 | 000,012,800 | ---- | M] () -- C:\Users\Admin\Documents\alleluia, He is Coming.wps

[2012/12/12 19:08:39 | 000,043,008 | ---- | M] () -- C:\Users\Admin\Documents\witnessing.wps

[2012/12/10 20:51:47 | 000,036,352 | ---- | M] () -- C:\Users\Admin\Documents\letter alison.wps

[2012/12/07 12:45:30 | 000,010,240 | ---- | M] () -- C:\Users\Admin\Documents\be unto your name.wps

[2012/12/07 12:41:20 | 000,011,264 | ---- | M] () -- C:\Users\Admin\Documents\rjoice lyrics.wps

[2012/12/07 06:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2012/12/07 06:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2012/12/07 04:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2012/12/07 04:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2012/12/07 04:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2012/12/07 04:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2012/12/07 04:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2012/12/07 04:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2012/12/07 04:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2012/12/07 04:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2012/12/07 04:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2012/12/07 04:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2012/12/07 04:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2012/12/07 04:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2012/12/07 04:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2012/12/07 04:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2012/11/29 22:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/11/29 22:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/11/29 22:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/11/29 22:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/11/29 22:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/11/29 20:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/11/29 20:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/11/29 20:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/11/29 20:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/11/29 13:37:45 | 000,010,752 | ---- | M] () -- C:\Users\Admin\Documents\Sunday music.wps

[2012/11/26 20:55:00 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\prayer for lost child.wps

[2012/11/24 09:41:25 | 000,017,920 | ---- | M] () -- C:\Users\Admin\Documents\Jaime letter 112412.wps

[2012/11/23 19:46:36 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\Sunday 25th November, 2012.wps

[2012/11/15 21:10:40 | 000,016,896 | ---- | M] () -- C:\Users\Admin\Documents\thank you lord.wps

[2012/11/15 13:34:17 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\labor of love.wps

[2012/11/12 10:26:19 | 000,921,624 | ---- | M] () -- C:\img2-001.raw

[2012/11/08 22:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/11/03 08:26:25 | 000,018,944 | ---- | M] () -- C:\Users\Admin\Documents\lyrics our God, Jehovah Jireh, One thing remains.wps

[2012/11/01 23:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/29 19:04:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/29 18:54:45 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Documents\MBR.dat

[2013/04/25 07:29:45 | 000,011,776 | ---- | C] () -- C:\Users\Admin\Documents\letter for Kate re kids.wps

[2013/04/24 17:45:18 | 001,417,216 | ---- | C] () -- C:\Users\Admin\Documents\land poster.wps

[2013/04/21 14:46:04 | 000,014,848 | ---- | C] () -- C:\Users\Admin\Documents\Deacon Meeting Notes.wps

[2013/04/19 10:29:35 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\PuttTTT.lnk

[2013/04/19 10:29:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2013/04/19 10:28:54 | 000,000,516 | ---- | C] () -- C:\Windows\hegames.ini

[2013/04/14 18:26:40 | 000,001,331 | ---- | C] () -- C:\Users\Public\Desktop\Clifford Learning Activities.lnk

[2013/04/14 18:05:55 | 000,000,832 | ---- | C] () -- C:\Windows\QT$INST$.~32

[2013/04/14 18:05:55 | 000,000,030 | ---- | C] () -- C:\Windows\RESULT.QTW

[2013/04/14 18:05:27 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI

[2013/03/27 07:26:16 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Admin.job

[2013/03/27 07:25:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Admin.job

[2013/03/27 07:25:35 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Admin.job

[2013/03/23 15:38:47 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Clifford Phonics.lnk

[2013/03/21 17:09:30 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/03 21:00:12 | 000,011,776 | ---- | C] () -- C:\Users\Admin\Documents\nicene creed.wps

[2013/02/24 17:12:47 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/02/17 17:35:52 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2013/02/11 22:26:22 | 000,012,800 | ---- | C] () -- C:\Users\Admin\Documents\question for the team.wps

[2013/01/28 08:53:06 | 000,042,496 | ---- | C] () -- C:\Users\Admin\Documents\final version to Heather.wps

[2013/01/27 20:20:06 | 000,025,088 | ---- | C] () -- C:\Users\Admin\Documents\thoughts.wps

[2013/01/26 18:42:53 | 000,028,160 | ---- | C] () -- C:\Users\Admin\Documents\reply to Heather.wps

[2013/01/19 22:29:06 | 000,018,432 | ---- | C] () -- C:\Users\Admin\Documents\Alison letter response to reports.wps

[2013/01/11 09:22:23 | 000,035,840 | ---- | C] () -- C:\Users\Admin\Documents\letter to Alsion.wps

[2013/01/10 08:14:54 | 000,014,848 | ---- | C] () -- C:\Users\Admin\Documents\jason avery story.wps

[2013/01/07 20:02:49 | 000,014,336 | ---- | C] () -- C:\Users\Admin\Documents\G CODES.wps

[2013/01/07 18:29:10 | 000,380,928 | ---- | C] () -- C:\Users\Admin\Documents\severitycomplexity modifier.wps

[2013/01/07 10:05:37 | 005,492,884 | ---- | C] () -- C:\Users\Admin\Documents\Functional_Limitation_Reporting_Webinar.pdf

[2012/12/28 19:28:11 | 000,015,872 | ---- | C] () -- C:\Users\Admin\Documents\sunday lyrics.wps

[2012/12/15 08:37:26 | 000,001,830 | ---- | C] () -- C:\Users\Admin\Desktop\Smilebox.lnk

[2012/12/15 08:37:26 | 000,001,816 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk

[2012/12/15 08:37:26 | 000,001,810 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk

[2012/12/14 13:17:28 | 000,012,800 | ---- | C] () -- C:\Users\Admin\Documents\alleluia, He is Coming.wps

[2012/12/10 09:53:35 | 000,036,352 | ---- | C] () -- C:\Users\Admin\Documents\letter alison.wps

[2012/12/07 12:45:30 | 000,010,240 | ---- | C] () -- C:\Users\Admin\Documents\be unto your name.wps

[2012/12/07 12:41:20 | 000,011,264 | ---- | C] () -- C:\Users\Admin\Documents\rjoice lyrics.wps

[2012/11/29 13:36:02 | 000,010,752 | ---- | C] () -- C:\Users\Admin\Documents\Sunday music.wps

[2012/11/24 17:58:29 | 000,043,008 | ---- | C] () -- C:\Users\Admin\Documents\witnessing.wps

[2012/11/24 09:41:25 | 000,017,920 | ---- | C] () -- C:\Users\Admin\Documents\Jaime letter 112412.wps

[2012/11/23 19:46:36 | 000,011,776 | ---- | C] () -- C:\Users\Admin\Documents\Sunday 25th November, 2012.wps

[2012/11/23 10:24:06 | 000,014,848 | ---- | C] () -- C:\Users\Admin\Documents\Christmas card list.wps

[2012/11/15 13:26:31 | 000,016,896 | ---- | C] () -- C:\Users\Admin\Documents\thank you lord.wps

[2012/11/14 23:12:43 | 000,011,776 | ---- | C] () -- C:\Users\Admin\Documents\labor of love.wps

[2012/11/03 08:26:25 | 000,018,944 | ---- | C] () -- C:\Users\Admin\Documents\lyrics our God, Jehovah Jireh, One thing remains.wps

[2012/01/28 22:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{ACB8D88A-54F1-4DDC-AFF8-049A6ED809A7}

[2011/10/21 22:42:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{95842444-C6FE-45A4-9F05-D0DC849F8F95}

[2011/10/11 21:45:36 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{650EA41C-2FA1-4289-A888-D6290E9FC358}

[2011/09/25 21:40:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F2EBCA02-4A98-466C-9207-11AF069041DE}

[2011/07/07 12:09:01 | 000,000,600 | ---- | C] () -- C:\Users\Admin\PUTTY.RND

[2011/05/16 19:38:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll

[2011/05/16 19:38:50 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2010/08/24 20:25:20 | 000,009,092 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/06/02 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon

[2012/10/07 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OfficeSuiteX

[2012/10/29 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org

[2010/08/25 05:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PictureMover

[2013/04/15 09:37:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smilebox

[2010/08/24 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template

[2011/07/07 11:55:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch

[2011/01/21 10:14:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

[loukirkham]

OTL Extras logfile created on: 4/30/2013 9:22:30 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.45% Memory free

7.48 Gb Paging File | 5.79 Gb Available in Paging File | 77.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 686.92 Gb Total Space | 586.74 Gb Free Space | 85.42% Space Free | Partition Type: NTFS

Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{065B1876-F26A-48A7-9E51-A3DC98923EDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{46CB63DB-3F64-4F34-AE31-A43C0956619B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{4A0409C1-B489-4BE9-89A9-194E7C6CBD07}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{661FCF05-D512-4CA8-A7D0-039F6C15D1CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{674960A5-A7DD-4685-B59C-27BBDD31ED5C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{7F52DEC9-4F1F-4C6B-95A9-2DF69DEBE8E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{A4857351-9088-413B-8E47-21AAACA3B3FC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{C4ED2A7C-F764-485A-9F23-71200581396F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DC32A436-8539-4580-8037-5B25EDE6D9D2}" = rport=2869 | protocol=6 | dir=out | app=system |

"{DEBD162E-2D45-4E47-917F-76C397623650}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E0A1FD26-538B-47C7-AC1E-BCBBB0F27E80}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{FB57BB04-CBBD-4999-B369-8537C03DBB0C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03484D99-2599-46D4-B3EC-9A837914F9F2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{07233C21-9F8C-4E64-A9FA-03422C5D5C05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{097FEB6F-0062-4079-9125-05EB363B5A57}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0DE2D76D-32C3-4DB9-B33E-7EB7B7C0308C}" = protocol=58 | dir=in | [email protected],-148 |

"{103753BA-0415-4A71-8DCE-7389FE4D15F0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |

"{10A3D774-D874-4E53-8989-914D956387D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{14DA37B0-2A44-4261-A440-2B24CC0F569B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1F173A61-D2CA-4091-BCC2-AF91EE58319B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{20D5D955-1B55-4A7F-929E-5E090F4C62A6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{283E0D80-DC64-4212-90F2-B533365A3EB8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{312B4A6A-3FED-4EC3-A0DF-F5752D183ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\shop to win 31\troubleshooter.exe |

"{44690FB7-A059-45BE-B8C7-7CE3B37B81B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{4F5C7D92-0D8F-402C-9F4E-D6483E2B2049}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{509FBB99-8E58-4A83-8CEC-004143346D29}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{517711C3-80B2-47E1-B954-824BE65CC0FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{5464FB74-B9CE-40A1-835D-796BFD876662}" = protocol=6 | dir=in | app=c:\program files (x86)\shop to win 31\troubleshooter.exe |

"{56C6E50C-855A-4B1E-8246-FF10CC28D8B3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{5EE25CE9-CA43-4824-A14E-4E3D8BDEBF96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6477AE02-9D26-43FC-980A-AF5CB6E8515B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{6E9A591F-A476-4EDD-83E2-46DBA5298152}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{880EA41D-2A25-41F7-B446-1BA6D2D8A012}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{8ADE48DD-FFC2-4876-938D-90E9A8BBED85}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{93A9BFE4-4232-40AD-A3EC-D24448AF26CA}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{94CA9744-888D-459F-9AA4-B2A17644D339}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9F641C6C-9AE3-4201-AA90-D99FB97C33CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{ADD72863-E3AD-4B3E-BD6A-8D6420FBED7A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{B6FAB42D-AF40-418A-B870-1D2A9DACBE8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B8C20025-E75D-4CA6-8844-91A8B9424CC2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{BAC2C2A7-F983-49BA-A005-0B37EA86BD1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |

"{BD42E2DF-C803-4B75-A237-3366E6D46361}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |

"{BEA4B3C8-6F97-4E44-8ED1-A6C80DF54D35}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{C33FB50B-0F74-4167-A605-5DB0EE5FBBFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{CC20C6F3-9691-424B-81E0-14E76BC2087F}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{D520FF5C-7134-4084-AB10-2DE1155F8B96}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{E27E7F6A-18BD-4486-BB2C-431DE396BC1F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{E5A896BB-0CC9-4436-B5CB-803D0737B8E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{E8154A4D-F1EC-4C4F-8933-6DB94827D403}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |

"{F4AD625C-8047-4551-8C32-479DF07EC468}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |

"{F8D1EC0D-0545-4540-AB90-1A4D1E4DA506}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |

"{FF4EF6D6-3499-499D-A7DD-243011AC63E0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"TCP Query User{6B160961-47D3-4CE3-977A-13A2FFA701EB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{B58BF00F-A779-4EE5-B236-EFA961F12B86}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{0F523977-469C-4D5B-8162-B874F204DBCD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{6531FDE6-DB03-4357-9502-EB9DCF863314}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy

"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11

"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German

"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish

"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix

"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian

"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese

"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver

"{5C565EA7-370B-4CEE-8385-3516DEE5A758}_is1" = InstallAssist

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista

"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light

"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All

"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian

"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing

"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish

"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation

"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch

"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Clifford Learning Activities" = Clifford Learning Activities

"Google Chrome" = Google Chrome

"iLuminaPremiumStarter" = iLumina Gold Premium Starter

"Installation Assistant" = Installation Assistant

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

"Putt-Putt Travels Through Time" = Putt-Putt Travels Through Time

"RealPlayer 15.0" = RealPlayer

"SSC Service Utility_is1" = SSC Service Utility v4.30

"UPCShell" = LeapFrog Connect

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Smilebox" = Smilebox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/30/2013 12:45:33 PM | Computer Name = HP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]

Error - 4/30/2013 9:40:07 PM | Computer Name = HP | Source = ipnathlp | ID = 34001

Description =

Error - 4/30/2013 10:13:56 PM | Computer Name = HP | Source = ipnathlp | ID = 31004

Description =

Error - 4/30/2013 10:16:43 PM | Computer Name = HP | Source = ipnathlp | ID = 31004

Description =

Error - 4/30/2013 10:17:50 PM | Computer Name = HP | Source = ipnathlp | ID = 34001

Description =

Error - 4/30/2013 10:29:57 PM | Computer Name = HP | Source = ipnathlp | ID = 34001

Description =

Error - 4/30/2013 10:35:04 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000

Description = The HP Health Check Service service failed to start due to the following

error: %%2

Error - 4/30/2013 10:35:07 PM | Computer Name = HP | Source = ipnathlp | ID = 34001

Description =

Error - 4/30/2013 10:36:03 PM | Computer Name = HP | Source = ipnathlp | ID = 31004

Description =

Error - 4/30/2013 10:46:26 PM | Computer Name = HP | Source = ipnathlp | ID = 31004

Description =

Error - 4/30/2013 10:47:14 PM | Computer Name = HP | Source = ipnathlp | ID = 34001

Description =

< End of report >

[loukirkham]

ok, I think that's all of it...please don't stay up all night reading this stuff!

[flashh4]

Louk, that wasn't as bad as i expected but we removed a lot with the other tools/programs ! Just a little more to do !

Now we will clean the junk out of the OTL log !

* Double-click OTL.exe to start the program again.

* Copy and Paste the following code into the . Do not include the word Code

:OTL


IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\URLSearchHook: - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Suite X 3.3.lnk = File not found
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

ipconfig /flushdns 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.

# Click

If a new log appears just disregard it, i won't need it !!!

Remember to enable your real time protection.

===================

Now we will see if we got everything !!

ESET online scannner >>> http://www.eset.com/onlinescan/

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

1. Firstly please Disable any Antivirus you have active , as shown in This topic.

2. Note: Don't forget to re-enable it after the scan.

3. Next please click on the following link to open a new window to ESET online scannnerhttp://www.eset.com/us/online-scanner/features

4. Then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

5. Select the option YES, I accept the Terms of Use then click on:

6. When prompted allow the Add-On/Active X to install.

7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

8. Now click on Advanced Settings and select the following:

* Scan for potentially unwanted applications

* Scan for potentially unsafe applications

* Enable Anti-Stealth Technology

9. Now click on:

10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

11. When completed the Online Scan will begin automatically.

12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.

13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

14. Now click on:

15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

or may be ESETSmartInstaller@High as CAB hook log:

16. Copy and paste that log as a reply to this topic.

We will remove all the programs/tools in my next reply if the ESET log is clean or if there is something i need to remove in it !!

Thanks

Chuck

[loukirkham]

I did the 1st part on OTL...won't get to the 2nd part until tonight. Is microsoft security essentials what I need to disable?

[flashh4]

Louk, I have removed the comment about disabling Spybot it's usually the "resident" setting we have user disable, i'm thinking it won't interfere with this fix !! If it does i will see it & we will rerun.

But disable microsoft security essentials >>> http://forums.whatthetech.com/index.php?showtopic=96260

I will recommend a great antivirus free protection when we are done cleaning !! It's the one i use Avast !

Chuck

So run the OTL fix & the ESET scan for me !!

[loukirkham]

Do you actually want me to uninstall spybot? I have used it ocasionally in the past as a scanner. Is it not very good? Other than that I think microsoft security essentials is the only antivirus protectio we have. I'm not sure I know how to temp disable it! I will have to have a look. Sorry I haven't been here today...crazy day!

[flashh4]

Louk, So run the OTL fix & the ESET scan for me ! After re-reading my post above, i edited it a bit !!

Thanks

Chuck

[loukirkham]

I don't think I did it right...when I re-read your instructions I realised I didn't do the bit about advanced settings. The way I ran the scan did flag up the threat that I pasted below

C:\Users\Admin\AppData\Local\Temp\OptimizerPro-US.exe a variant of Win32/Adware.SpeedingUpMyPC.A application

Should I re-run doing the advanced setting bit?

[flashh4]

Louk, Yes lets run it again ! !!

*Open the main program window by clicking the ESET icon !!

*Make sure that the BOX Remove found threats is checked.

Then post that log if it gives you one.

================

Found these >>> Javaâ„¢ 6 Update 22 and Java 7 Update 11, see if they are in your control panel add/remove programs & remove them, they are out of date & can be exploited !!

================

Do this after i get the ESET log or if it does not give you one !!!

This is the clean-up procedure

Double click OTL.exe to launch the program.

Click on the CleanUp! button.

OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.

Select Yes. when the "Begin cleanup Process?" prompt appears.

If you are prompted to Reboot during the cleanup, select Yes.

When finished exit out of OTL

The tool will delete itself once it finishes, if not delete it by yourself. And any other tools/programs left over !

LET me know how it's running & if the problems still exist ???????

Thanks

Chuck

I will have one more post if you feel happy with it ! Looks real clean !

[loukirkham]

okay, so it won't let me uninstall those java updates...it says preparing to remove, then asks if i want to allow it to make changes, and when I say no, it just boots me out, and if I say yes, it the preapres to install something!

The other things is, when you firts asked me to run the ESet program, you said make sure "remove found threats" was UNCHECKED and when you said run it again, you said make sure it is CHECKED. Which one shall I do?

[flashh4]

Louk, make sure is says Remove found threats is checked.

This will remove the old Java >>> http://www.java.com/en/download/uninstall.jsp

Be careful of the installer, if it wants you to install any tool bars, uncheck the box if it appears !!

LET me know how it's running & if the problems still exist ???????

Chuck

[loukirkham]

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIMHDGXG\stubinst_pkg_en-us[1].cab Win32/OpenCandy application deleted - quarantined

C:\Users\Admin\AppData\Local\Temp\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Admin\AppData\Local\Temp\babylon-setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Users\Admin\AppData\Local\Temp\OptimizerPro-US.exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined

C:\Users\Admin\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

C:\Users\Admin\AppData\Local\Temp\softwareassist-setup.exe multiple threats cleaned by deleting - quarantined

C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined

the above was the result of the scan...took 1 hour 19 mins! Do I delete quarantined files?

One of the java programs uninstalled but I still have Java 7 update 11 that the java clean up tool could not get rid of.

Also, we can't view You Tube vids at the moment. What do we install to be able to see them, without downloading a bunch of stuff we don't want!

Edited May 3, 2013 by louk

[flashh4]

Louk, sometimes these tools take longer for various reasons ! If you can't remove it by the Control Panel/ add/ remove then just leave it. It's not hurting anything !

Do I delete quarantined files?

Those in ESET scan are already deleted !!

we can't view You Tube vids at the moment.

I just go to You Tube where i have an account, then watch what you want !! You might try that !!

=======================

Summary:

If you ran the OTL Clean-up ! And deleted any tools/programs, files or folders that you see and there are no more problems, then you look good to go

as far as i can see !

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

* From within Internet Explorer click on the Tools menu and then click on Options.

* Click once on the Security tab

* Click once on the Internet icon so it becomes highlighted.

* Click once on the Custom Level button.

* Change the Download signed ActiveX controls to Prompt

* Change the Download unsigned ActiveX controls to Disable

* Change the Initialize and script ActiveX controls not marked as safe to Disable

* Change the Installation of desktop items to Prompt

* Change the Launching programs and files in an IFRAME to Prompt

* Change the Navigate sub-frames across different domains to Prompt

* When all these settings have been made, click on the OK button.

* If it prompts you as to whether or not you want to save the settings, press the Yes button.

* Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

* Open Internet Explorer

* Click on Tools > Internet Options

* Press Security tab

* Select Internet zone then place check next to Enable Protected Mode if not already done

* Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply

* Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

NOTE: Fire Fox is a great browser also >>> http://www.mozilla.o...-US/firefox/fx/

I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update

regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS

This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place

A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com...ivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/v...canning/online/

Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:

Rule #1 ........ Good Antivirus

Rule #2 ........ Good Firewall

Rule #3 ........ Good Router is Great ! (optional but best)

Happy surfing and Stay Clean

Chuck

If you have any more questions feel free to ask !!

[loukirkham]

So we have microsoft security virus protection, but do we have a firewall installed...not sure of the difference?

And is it safe to download adobe flash player?

So far Chuck.....................THANK YOU!!! (can you PM me on FB with your home address? I know you said you didn't want anything but a "thank you" but we would like to thank you properly for your time and help.... you have spent a lot of hours helping me!)

Edited May 3, 2013 by louk

[flashh4]

Hi Louk, I am glad we have your computer running good again & fast ! Most people get so paranoid of being ripped off or scamed when we offer the "Free Cleaning Help ". But i am used to it ! & some do not understand that free help takes away from our time with our family's. But this is the path we choose ! It's the thrill of the hunt for me for me, finding the bad things & removing them !!

So we have microsoft security virus protection, but do we have a firewall installed...not sure of the difference?

A firewall is a software component that regulates the internet use of programs already installed on your system. Most firewalls do only that. However, there is something called a 2 way firewall. A 2 way firewall is a firewall that scans files being downloaded to your computer and stops unauthorized programs from using your internet connection to visit websites.

Why is a 2 way firewall best. Well it helps to stop the potentially harmful code or malware as it usually called from infecting your computer. Anti virus software is programs that try to search for, find and remove or neutrilize a virus or stop them from entering your computer by blocking or warning you they are attempting to intrude !!

I use the Antivirus free Avast along with windows security essentials & windows firewall and have never had a conflict. But most Malware experts say more than one Antivirus will sometimes conflict with each other. And i am behind a router which in my opinion is the best protection !!! But the best protection is careful surfing !!

And is it safe to download adobe flash player?

Absolutely !

7. WOT (Web of Trust) <<< that i posted in my clean speech is a must have so download it. It will tell you when visiting a site (with a green circle beside your search, orange if it's questionable or RED means don't go there !!

I know you said you didn't want anything but a "thank you" but we would like to thank you properly for your time and help.... you have spent a lot of hours helping me!)

Sorry but "no" on the address, i did that once & a lady became to much to bear annoying me all the time ! As i told you when we started a "thank you" is my pay !

And just inform other people about us and our service !!

Happy Surfing & it's been a pleasure !!!!!!!!!!!!

[loukirkham]

God Bless you Chuck! I will definitely spread the word that you guys are trustworthy and I am thankful that sometimes.... there really are people out there that genuinely want to help...just for the love of it!!

[flashh4]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a admin or me with the address of the thread.

Everyone else please follow and start a New Topic!

Thanks

Chuck