Lou74

computer start up isn't right...virus?


I switch my computer on and it cycles through the start up process, sometimes successfully, other times just scrolling through the screens and then kind of goes into a sleep mode, which I can sometimes get back to the start up process if I press the start button again. I am wondering if it is the computer or if it is a virus. The computer is a few years old now :(


Howdy Lou and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================

 

 

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit) >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Farbar Recovery Scan Tool (32 bit) >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

 

 

 

NEXT
 

 

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



Post those logs as you get them, then continue with the next in line !

 

Post

1. Farbar log

2. AdwCleaner log

3. Junkware Removal Tool

 

Thanks

Chuck


 


Only 1 will run on your system, so you have to try each till you download that one that works !

 

I can't see your system to start that's why we have those instructions posted like that !

 

 

Chuck


first scary warning... the programs are not commonly downloaded and could harm your computer apparently! Did I remember that you previously asked me to disable my computer protection last time?


Sorry was outside ! Ok, you will get that warning from some computers or their antivirus, you can click allow or whatever option you get to continue !

We will need to disable your virus protection also !

 

Chuck


Hi Lou, we've been having problems with posting so make sure you click 3 or 4 times to get the paste option !! You are clicking mouse into "Reply to this topic" box ??

 

Chuck


Tried and it still won't let me. Looks like we won't be able to do this. I am sorry it has taken me so long in between messages... I have so little time unfortunately :(


We can still do this if you want ! See if you can send the logs in a message to me here, just click my avatar (jackalope) and then click send a message & post it there. I can then post it for you !!

 

Chuck


Lou, I moved then deleted your mother-in-law's logs over to her topic so we can keep them separate !!

 

Chuck


Thanks Chuck. I don't know what is happening now on mine. I disabled my firewall and before, it allowed me to download the first program and get the logs, but it wouldn't let me cut and paste onto this reply box. Now, it won't even download the program. Do I need to disable Microsoft security essentials? I went in to try but I can't see how to do it.


Lou, no that wouldn't stop you from downloading any program !

But you might try disabling it ! We will need to disable it later anyway !

 

Find yours here & disable !

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

 

See if that helps you with downloading !!

 

Chuck


I got the Farbar log but not the AdwCleaner log !

 

Posting this log for Lou74

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Admin (administrator) on HP on 24-08-2014 21:20:16
Running from C:\Users\Admin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [193880 2010-11-19] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [b2C_AGENT] => C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [instaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-08-05] (APN)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-4107407181-1778811561-918822078-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-24] (Google Inc.)
HKU\S-1-5-21-4107407181-1778811561-918822078-1000\...\Run: [Amazon Music] => C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...client&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5E772DF8-7359-481C-AAD2-81FC14F249DB} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {C3A23B68-A216-43F7-8407-0FDC14E5F127} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {34675275-04C9-4E97-8373-52EBA399F1B0} URL = http://websearch.ask...RJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=43DF1F4C-D5AB-48E2-A571-F77E29575BB0&apn_sauid=C5F124D4-EF49-44B9-8B8B-112766F3BCFB
SearchScopes: HKCU - {5E772DF8-7359-481C-AAD2-81FC14F249DB} URL =
SearchScopes: HKCU - {ACFE2730-35DD-44CD-ADE0-4DC040AC32C4} URL =
SearchScopes: HKCU - {C3A23B68-A216-43F7-8407-0FDC14E5F127} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Shopping Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-gb.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

Chrome:
=======



CHR DefaultSearchKeyword: websearch.ask.com
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: http://websearch.ask...d=OSJ000YYUS&q={searchTerms}
CHR DefaultSuggestURL: http://ss.websearch....stype=prefix&q={searchTerms}


Lou, if you are having trouble with the AdwCleaner don't worry about it. Go ahead and run the Junkware program and here are a few more I need you to run.

 

1. Run Junkware program

 

 

NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://www.malwarebytes.org/mbam-download.php

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.


* Select type of scan to perform:

   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



NEXT
 

 

 

Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

 

 

NEXT

 

 

 

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.





Post Next:

1. Junkware log

2. Malwarebytes log

3. OTL log

4. SecurityCheck log

 

 

Thanks

Chuck


Hi Chuck, I think I have posted everything I need to. I still haven't got back over to mother-in-law's...trying to find time!!!!


Lou, thanks, I got the OTL in your PM. So we will do it this way if we have to. Seems like they've been having a lot of problems with people not being able to paste. But keep trying to paste other logs.

 

 

OTL Extras logfile created on: 8/27/2014 8:15:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 54.56% Memory free
7.48 Gb Paging File | 5.69 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 572.44 Gb Free Space | 83.33% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065B1876-F26A-48A7-9E51-A3DC98923EDC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{11E8136D-8660-40EC-B8D7-B732E209A1E9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{14E51F28-D14D-41B7-9605-A8B0E0F5CD1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2373EAC8-7382-41E6-B188-EC0F2B92D928}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C27F521-3D42-4659-9F3E-C4F1BC476B9A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{46CB63DB-3F64-4F34-AE31-A43C0956619B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A0409C1-B489-4BE9-89A9-194E7C6CBD07}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4B3061E4-8DF5-4CE8-974B-3D9C744B9823}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{661FCF05-D512-4CA8-A7D0-039F6C15D1CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{674960A5-A7DD-4685-B59C-27BBDD31ED5C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{730F60BD-2B91-41DB-BE27-06D958482E73}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F52DEC9-4F1F-4C6B-95A9-2DF69DEBE8E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9C8F8484-6730-4280-BA39-62367AC63F24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A08544C1-C3FE-4256-8932-DD30FEE4146F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4857351-9088-413B-8E47-21AAACA3B3FC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B9C16A18-FC3D-4460-BCA6-D6035D6C00EC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4ED2A7C-F764-485A-9F23-71200581396F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE053AA8-67DC-48EC-AE50-EA0E899166FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC32A436-8539-4580-8037-5B25EDE6D9D2}" = rport=2869 | protocol=6 | dir=out | app=system |
"{DEBD162E-2D45-4E47-917F-76C397623650}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0A1FD26-538B-47C7-AC1E-BCBBB0F27E80}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FB57BB04-CBBD-4999-B369-8537C03DBB0C}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03484D99-2599-46D4-B3EC-9A837914F9F2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{07233C21-9F8C-4E64-A9FA-03422C5D5C05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{097FEB6F-0062-4079-9125-05EB363B5A57}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0DE2D76D-32C3-4DB9-B33E-7EB7B7C0308C}" = protocol=58 | dir=in | [email protected],-148 |
"{103753BA-0415-4A71-8DCE-7389FE4D15F0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{10A3D774-D874-4E53-8989-914D956387D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11DC3D4D-D3F7-4989-883A-CD9F5FB337E9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14DA37B0-2A44-4261-A440-2B24CC0F569B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{166BBC20-EF5C-4C15-8E0D-7E27DECCF063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F173A61-D2CA-4091-BCC2-AF91EE58319B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{20D5D955-1B55-4A7F-929E-5E090F4C62A6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{283E0D80-DC64-4212-90F2-B533365A3EB8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2F09A171-8940-4833-B750-078F173CA8F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FF6D5F0-824E-429C-92F8-4BFBF7ECE2B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{312B4A6A-3FED-4EC3-A0DF-F5752D183ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\shop to win 31\troubleshooter.exe |
"{31989424-138B-498D-AE12-FA531007A429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44690FB7-A059-45BE-B8C7-7CE3B37B81B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4F5C7D92-0D8F-402C-9F4E-D6483E2B2049}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{502BBE84-9AA2-48D0-88B3-5705B445233B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{509FBB99-8E58-4A83-8CEC-004143346D29}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5464FB74-B9CE-40A1-835D-796BFD876662}" = protocol=6 | dir=in | app=c:\program files (x86)\shop to win 31\troubleshooter.exe |
"{56C6E50C-855A-4B1E-8246-FF10CC28D8B3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{592406DF-7E1C-4843-BD6B-BBE06E0BCCFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EE25CE9-CA43-4824-A14E-4E3D8BDEBF96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6477AE02-9D26-43FC-980A-AF5CB6E8515B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{6E9A591F-A476-4EDD-83E2-46DBA5298152}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{7EC7D1D7-FC19-4DC8-9667-E8F103880C8E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{880EA41D-2A25-41F7-B446-1BA6D2D8A012}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{8ADE48DD-FFC2-4876-938D-90E9A8BBED85}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{906C7746-06ED-42CD-B998-E8A1348EEA13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{919CB284-11A5-4401-971B-97EA7E5527E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93A9BFE4-4232-40AD-A3EC-D24448AF26CA}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{9F641C6C-9AE3-4201-AA90-D99FB97C33CD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{A42B8031-CA7F-40B9-833C-B490833080F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADD72863-E3AD-4B3E-BD6A-8D6420FBED7A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{B6FAB42D-AF40-418A-B870-1D2A9DACBE8B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8C20025-E75D-4CA6-8844-91A8B9424CC2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{BA581DD0-CDBC-4B1E-BAEA-CA8F65C4B4DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAC2C2A7-F983-49BA-A005-0B37EA86BD1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{BBA119FE-769B-4B32-9BD7-E4551C271753}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD42E2DF-C803-4B75-A237-3366E6D46361}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{BE0CA4D6-E76C-4509-A700-7E87A95D8B8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BEA4B3C8-6F97-4E44-8ED1-A6C80DF54D35}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{C33FB50B-0F74-4167-A605-5DB0EE5FBBFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{CC20C6F3-9691-424B-81E0-14E76BC2087F}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{D520FF5C-7134-4084-AB10-2DE1155F8B96}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E27E7F6A-18BD-4486-BB2C-431DE396BC1F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E5A896BB-0CC9-4436-B5CB-803D0737B8E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E8154A4D-F1EC-4C4F-8933-6DB94827D403}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{F2B41B08-0FAB-491D-94CB-D57B7C327C9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4AD625C-8047-4551-8C32-479DF07EC468}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{F8D1EC0D-0545-4540-AB90-1A4D1E4DA506}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F9AD783D-7B0C-4447-8F2A-233A9886A92B}" = protocol=6 | dir=out | app=system |
"{FF4EF6D6-3499-499D-A7DD-243011AC63E0}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"TCP Query User{6B160961-47D3-4CE3-977A-13A2FFA701EB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B58BF00F-A779-4EE5-B236-EFA961F12B86}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0F523977-469C-4D5B-8162-B874F204DBCD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{6531FDE6-DB03-4357-9502-EB9DCF863314}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4F524A00-6A76-A76A-76A7-A758B70C0F05}" = Ask Shopping Toolbar
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5C565EA7-370B-4CEE-8385-3516DEE5A758}_is1" = InstallAssist
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CameraUserGuide-PSELPH130ISand120IS_IXUS140and135" = Canon PowerShot ELPH 130 IS and 120 IS_IXUS 140 and 135 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"Clifford Learning Activities" = Clifford Learning Activities
"Google Chrome" = Google Chrome
"iLuminaPremiumStarter" = iLumina Gold Premium Starter
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"Installation Assistant" = Installation Assistant
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"PhotoStitch" = Canon Utilities PhotoStitch
"Putt-Putt Travels Through Time" = Putt-Putt Travels Through Time
"SSC Service Utility_is1" = SSC Service Utility v4.30
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Music" = Amazon Music
"Amazon Kindle" = Amazon Kindle
"Smilebox" = Smilebox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2014 11:26:09 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17239,
time stamp: 0x53d22ad9 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a98d4 Exception code: 0xc000041d Fault offset: 0x00000000068f2388
Faulting
process id: 0x193c Faulting application start time: 0x01cfc014468a9ff4 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: WOT.dll
Report
Id: 8dc60a71-2c07-11e4-ba47-1cc1de6399df

Error - 8/24/2014 11:26:10 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17239,
time stamp: 0x53d22ad9 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a98d4 Exception code: 0xc0000005 Fault offset: 0x0000000005462388
Faulting
process id: 0x2b58 Faulting application start time: 0x01cfc0143c0371db Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: WOT.dll
Report
Id: 8eb6756d-2c07-11e4-ba47-1cc1de6399df

Error - 8/24/2014 11:26:17 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17239,
time stamp: 0x53d22ad9 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a98d4 Exception code: 0xc000041d Fault offset: 0x0000000005462388
Faulting
process id: 0x2b58 Faulting application start time: 0x01cfc0143c0371db Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: WOT.dll
Report
Id: 92a2fa1f-2c07-11e4-ba47-1cc1de6399df

Error - 8/24/2014 11:26:19 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239,
time stamp: 0x53d22946 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a9905 Exception code: 0xc0000005 Fault offset: 0x6ce47e4a Faulting
process id: 0x2e20 Faulting application start time: 0x01cfc014468a9ff4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
WOT.dll Report Id: 940f2ca9-2c07-11e4-ba47-1cc1de6399df

Error - 8/24/2014 11:26:22 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239,
time stamp: 0x53d22946 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a9905 Exception code: 0xc000041d Fault offset: 0x6ce47e4a Faulting
process id: 0x2e20 Faulting application start time: 0x01cfc014468a9ff4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
WOT.dll Report Id: 9571d9b1-2c07-11e4-ba47-1cc1de6399df

Error - 8/25/2014 12:50:13 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17239 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1034 Start
Time: 01cfc0835eef83ef Termination Time: 50 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 8/25/2014 10:59:15 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: WksWP.exe, version: 9.7.613.0, time stamp:
0x466fad27 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xed44 Faulting application
start time: 0x01cfc0d9b56aacda Faulting application path: C:\Program Files (x86)\Microsoft
Works\WksWP.exe Faulting module path: unknown Report Id: f63263b2-2ccc-11e4-a881-1cc1de6399df

Error - 8/26/2014 12:08:45 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17239,
time stamp: 0x53d22ad9 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a98d4 Exception code: 0xc0000005 Fault offset: 0x0000000006762388
Faulting
process id: 0xfc20 Faulting application start time: 0x01cfc0e3608bc80d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: WOT.dll
Report
Id: ab87ce59-2cd6-11e4-a881-1cc1de6399df

Error - 8/26/2014 12:08:47 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17239,
time stamp: 0x53d22ad9 Faulting module name: WOT.dll_unloaded, version: 0.0.0.0,
time stamp: 0x501a98d4 Exception code: 0xc000041d Fault offset: 0x0000000006762388
Faulting
process id: 0xfc20 Faulting application start time: 0x01cfc0e3608bc80d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: WOT.dll
Report
Id: ad15af60-2cd6-11e4-a881-1cc1de6399df

Error - 8/26/2014 1:55:38 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239,
time stamp: 0x53d22946 Faulting module name: WOT.dll, version: 12.8.2.0, time stamp:
0x501a9905 Exception code: 0xc0000005 Fault offset: 0x00015a35 Faulting process id:
0x2fe4 Faulting application start time: 0x01cfc156e9395526 Faulting application path:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path: C:\Program
Files (x86)\WOT\WOT.dll Report Id: 2fbf08a0-2d4a-11e4-a09b-1cc1de6399df

[ System Events ]
Error - 8/27/2014 9:42:01 AM | Computer Name = HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 1204.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 1204.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 1204.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 1204.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/27/2014 9:42:02 AM | Computer Name = HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 1204.

Error - 8/27/2014 9:42:20 AM | Computer Name = HP | Source = ipnathlp | ID = 34001
Description =


< End of report >


From Lou in a PM !

 

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 67
Adobe Reader XI
Google Chrome 36.0.1985.143
Google Chrome 37.0.2062.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Lou there should have been another log from OTL, see if you have it in the OTL icon on your desktop !! I need it please !!


Posted from Lou in a PM !! 

 

OTL logfile created on: 8/27/2014 8:15:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 54.56% Memory free
7.48 Gb Paging File | 5.69 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 572.44 Gb Free Space | 83.33% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.40 Gb Free Space | 12.20% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/27 08:09:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.scr
PRC - [2014/07/22 14:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/08 07:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/30 20:49:47 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/10/03 11:42:30 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 16:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 16:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/05/20 15:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========
MOD - [2014/07/22 14:46:06 | 003,356,480 | ---- | M] () -- C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/05/14 22:40:14 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/02/26 20:47:01 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/26 20:46:54 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 20:46:52 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 20:46:49 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 20:46:47 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 20:46:42 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/10/03 11:42:30 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/10/03 11:42:30 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2011/05/27 16:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 16:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 22:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 22:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 22:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 22:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 21:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/01/18 11:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/07/25 07:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/06 11:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/02/02 09:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/14 06:38:40 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/05/08 07:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/05/27 16:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/08/27 07:44:50 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/03/23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 08:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/02/02 09:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/02 08:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices,
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/12/18 21:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{5E772DF8-7359-481C-AAD2-81FC14F249DB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes,DefaultScope = {C3A23B68-A216-43F7-8407-0FDC14E5F127}
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{34675275-04C9-4E97-8373-52EBA399F1B0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=43DF1F4C-D5AB-48E2-A571-F77E29575BB0&apn_sauid=C5F124D4-EF49-44B9-8B8B-112766F3BCFB
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS394
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{C3A23B68-A216-43F7-8407-0FDC14E5F127}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\D100148B46634932924051677D2AD1C9: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS394
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)

[2012/10/07 21:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: 56BBCA761AC4ACD6B1A1FE8D89A3C062EBF4AAF1492027303AFD6152B705F1A4 (Disabled) = default_plugin
CHR - plugin: Error reading preferences file
 CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/08/25 05:56:21 | 000,416,916 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14387 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
 O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe File not found
O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4107407181-1778811561-918822078-1000..\Run: [Amazon Music] C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91E3383-1977-490F-BDE2-6A9AD44E9417}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2014/08/27 07:33:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/08/27 07:32:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/25 18:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/25 18:51:18 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/25 18:51:09 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/25 18:51:09 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/25 18:51:09 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/25 18:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/25 18:45:52 | 000,000,000 | ---D | C] -- C:\PFiles
[2014/08/25 18:43:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/08/24 14:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/24 14:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/24 14:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/24 14:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/24 14:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/19 19:04:38 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/13 22:44:13 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/13 22:44:13 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/13 22:44:13 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/13 22:44:13 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/13 22:44:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/13 22:44:12 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/13 22:43:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/13 22:43:55 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/13 07:34:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/13 07:34:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/13 07:34:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/13 07:34:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/13 07:34:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/13 07:34:00 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/13 07:34:00 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/13 07:34:00 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/13 07:33:59 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/13 07:33:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/13 07:33:59 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/13 07:33:55 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/13 07:33:49 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/13 07:33:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/13 07:33:48 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/13 07:33:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/13 07:33:48 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/13 07:33:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/13 07:33:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/13 07:33:46 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/13 07:33:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/13 07:33:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/13 07:33:45 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/13 07:33:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/13 07:33:44 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/13 07:33:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/13 07:33:43 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/13 07:33:43 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/13 07:33:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/13 07:33:41 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/13 07:33:39 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/13 07:33:38 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/13 07:33:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/13 07:33:37 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/13 07:33:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/13 07:33:36 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/13 07:33:36 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/13 07:33:35 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/13 07:33:35 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/13 07:33:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/13 07:33:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/13 07:33:34 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/13 07:33:34 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/13 07:33:34 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/13 07:33:33 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/13 07:33:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/13 07:33:33 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/13 07:33:05 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/13 07:33:04 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/13 07:33:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

in\Documents\My Kindle Content
[2014/08/10 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/08/10 19:37:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Amazon
[2014/08/09 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{148A9304-1359-4D13-B435-906EFF6AC730}
[2014/08/06 09:08:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[2014/08/06 09:08:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Amazon Music
[2014/08/01 18:40:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AC944D5B-F534-41D4-9900-13CADD5CC315}
[2014/08/01 05:55:55 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 05:55:55 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 05:55:55 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 05:55:29 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 05:55:29 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 05:55:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 05:55:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 05:55:29 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 05:55:29 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 05:55:08 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 05:55:08 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 05:55:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 05:55:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2014/08/27 08:18:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/27 07:59:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/27 07:46:04 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 07:46:04 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/27 07:44:50 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/27 07:44:21 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/27 07:38:50 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/27 07:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/27 07:37:46 | 3013,521,408 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/27 07:25:27 | 000,357,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/26 12:02:47 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/26 06:31:14 | 000,097,792 | ---- | M] () -- C:\Users\Admin\Documents\prophecies about Jesus.wps
[2014/08/26 06:31:14 | 000,012,918 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat
[2014/08/25 18:50:56 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/25 18:50:54 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/25 18:50:53 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/25 18:50:53 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/25 18:40:32 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/08/25 18:31:57 | 000,002,241 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/24 14:50:33 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/23 17:15:05 | 000,036,352 | ---- | M] () -- C:\Users\Admin\Documents\SUNDAY SCHOOL.wps
[2014/08/21 06:45:49 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\Deacon Meeting Notes.wps
[2014/08/19 12:39:57 | 000,011,776 | ---- | M] () -- C:\Users\Admin\Documents\reference tara.wps
[2014/08/14 06:38:40 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/14 06:38:39 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/10 19:37:14 | 000,002,191 | ---- | M] () -- C:\Users\Admin\Desktop\Kindle.lnk
[2014/08/06 20:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/06 20:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/06 11:27:46 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/06 11:27:46 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/06 11:27:46 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/04 19:46:42 | 000,012,800 | ---- | M] () -- C:\Users\Admin\Documents\heart mtn realty.wps
[2014/07/31 17:18:54 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/07/31 06:54:22 | 000,010,752 | ---- | M] () -- C:\Users\Admin\Documents\Carrier RCA policy.wps
[2014/07/31 06:24:22 | 000,025,088 | ---- | M] () -- C:\Users\Admin\Documents\thoughts.wps
[2014/07/28 14:16:28 | 000,011,264 | ---- | M] () -- C:\Users\Admin\Documents\Dilly Beans.wps
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2014/08/26 06:31:14 | 000,097,792 | ---- | C] () -- C:\Users\Admin\Documents\prophecies about Jesus.wps
[2014/08/25 18:40:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/08/25 18:40:32 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/08/25 18:31:57 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/24 14:50:33 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/19 12:27:48 | 000,011,776 | ---- | C] () -- C:\Users\Admin\Documents\reference tara.wps
[2014/08/10 19:37:14 | 000,002,191 | ---- | C] () -- C:\Users\Admin\Desktop\Kindle.lnk
[2014/08/04 19:46:42 | 000,012,800 | ---- | C] () -- C:\Users\Admin\Documents\heart mtn realty.wps
[2014/07/31 06:49:42 | 000,010,752 | ---- | C] () -- C:\Users\Admin\Documents\Carrier RCA policy.wps
[2014/07/28 14:16:28 | 000,011,264 | ---- | C] () -- C:\Users\Admin\Documents\Dilly Beans.wps
[2013/04/19 10:29:35 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/19 10:28:54 | 000,000,516 | ---- | C] () -- C:\Windows\hegames.ini
[2013/04/14 18:05:27 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2012/01/28 22:07:59 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{ACB8D88A-54F1-4DDC-AFF8-049A6ED809A7}
[2011/10/21 22:42:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{95842444-C6FE-45A4-9F05-D0DC849F8F95}
[2011/10/11 21:45:36 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{650EA41C-2FA1-4289-A888-D6290E9FC358}
[2011/09/25 21:40:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F2EBCA02-4A98-466C-9207-11AF069041DE}
[2011/07/07 12:09:01 | 000,000,600 | ---- | C] () -- C:\Users\Admin\PUTTY.RND
[2010/08/24 20:25:20 | 000,012,918 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2011/06/02 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2013/12/26 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\canon
[2013/12/26 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon_Inc_IC
[2014/04/09 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EncryptStick
[2012/10/07 22:06:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OfficeSuiteX
[2012/10/29 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2013/05/02 19:25:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Oracle
[2010/08/25 05:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PictureMover
[2014/01/03 08:00:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smilebox
[2010/08/24 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2011/07/07 11:55:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2011/01/21 10:14:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer

========== Purity Check ==========
 

Lou, I will be right back with a fix that I will write for this computer only!!

 

Chuck
