Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE opens about every hour [Closed]

Started by sharpsr , Aug 29 2013 05:08 AM

This topic is locked

#1
sharpsr

Posted 29 August 2013 - 05:08 AM

New Member

Member
8 posts

2 or 3 days ago IE started opening itself about every hour and I would get a dll error and norton would delete it. Starting today it opens the same but no longer do I get the error message and norton does not see it.

I was working with someone from norton but he had to go and suggested this site. Downloaded (First 64) and ran it and got 2 files - Addition.txt and First.txt.

OTL logfile created on: 8/29/2013 5:51:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sharpsr\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 5.29 Gb Available Physical Memory | 68.34% Memory free
15.54 Gb Paging File | 13.38 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 416.42 Gb Free Space | 60.78% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.46 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1409.56 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
Drive K: | 83.91 Gb Total Space | 79.25 Gb Free Space | 94.45% Space Free | Partition Type: NTFS
Drive M: | 9.44 Gb Total Space | 1.06 Gb Free Space | 11.21% Space Free | Partition Type: FAT32

Computer Name: OFFICE-PC | User Name: sharpsr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/29 05:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
PRC - [2013/08/20 16:17:22 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/06/23 05:22:18 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/12/19 00:20:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 07:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2008/09/24 07:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2008/09/04 07:14:52 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/09/04 07:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/14 06:52:19 | 000,229,888 | ---- | M] () -- C:\Users\sharpsr\AppData\Local\ApplicationHistory\oahfji.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/02/03 05:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/20 17:17:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/07 21:00:22 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/23 05:22:18 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/12/19 00:20:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/09/23 18:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 04:19:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012/05/16 11:13:34 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/02/03 05:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/03 05:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 04:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/26 21:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/25 11:32:58 | 000,220,248 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2009/06/25 11:32:58 | 000,010,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2009/06/25 11:32:58 | 000,010,584 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2009/05/24 08:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/11/19 05:42:38 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2008/10/09 19:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/04/23 13:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtlProt.sys -- (RtlProt)
DRV:64bit: - [2007/01/29 20:19:26 | 000,438,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2007/01/29 20:19:04 | 000,055,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV - [2013/08/28 18:17:54 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130828.024\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 18:17:52 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130828.024\eng64.sys -- (NAVENG)
DRV - [2013/08/27 05:32:12 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 05:32:12 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 17:38:13 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130828.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/07/01 15:24:50 | 000,004,992 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\enport.sys -- (enport)
DRV - [2010/01/29 11:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/12/14 23:17:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {797D1CEA-975D-4D20-9E4A-3465A854B8BC}
IE:64bit: - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {288C80B7-DDBC-456C-8F1D-4BE4A614750F}
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://familytreemak...p-Sr/index.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10179&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10179&home=1
IE - HKCU\..\SearchScopes,DefaultScope = {224DDEF1-0965-48EF-83DC-CBD75253C953}
IE - HKCU\..\SearchScopes\{224DDEF1-0965-48EF-83DC-CBD75253C953}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\sharpsr\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013/08/29 05:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/14 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/14 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012/12/04 08:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/07 21:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/07 21:00:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/07 21:00:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/07 21:00:19 | 000,000,000 | ---D | M]

[2012/07/26 16:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Extensions
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/25 14:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/08/25 14:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions
[2013/08/25 14:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/03 21:39:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\[email protected]
[2012/11/25 21:45:10 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
[2012/09/23 13:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/02/18 17:07:16 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.libronix.net # Block Libronix update.
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\sharpsr\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\sharpsr\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0204D3-8D84-4A40-8514-B1DB073973C3}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E616433D-9D9C-4826-BE5C-24FA45F092AB}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\jpip - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sidlet - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 21:41:11 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/13 06:12:23 | 000,000,067 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - M:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{39282bba-0fce-11e0-9f38-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{39282bba-0fce-11e0-9f38-0024211816c6}\Shell\AutoRun\command - "" = L:\StormF1.exe
O33 - MountPoints2\{6ee22b39-81a5-11e1-b314-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee22b39-81a5-11e1-b314-0024211816c6}\Shell\AutoRun\command - "" = G:\StormF1.exe
O33 - MountPoints2\{9412eefe-3331-11e1-a7cb-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{9412eefe-3331-11e1-a7cb-0024211816c6}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{ee4b72c3-0b69-11e0-9d21-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee4b72c3-0b69-11e0-9d21-0024211816c6}\Shell\AutoRun\command - "" = L:\StormF1.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sh4native Sh4Removal)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/29 05:32:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
[2013/08/28 21:25:03 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/28 21:23:40 | 001,579,080 | ---- | C] (Farbar) -- C:\Users\sharpsr\Desktop\FRST64.exe
[2013/08/27 06:39:51 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\ParetoLogic
[2013/08/27 06:39:43 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/08/27 06:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/08/27 06:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/08/27 06:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/08/25 05:01:56 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SevenZip 9.20
[2013/08/25 05:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SevenZip
[2013/08/25 05:01:44 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\SwvUpdater
[2013/08/23 08:58:08 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\liQeNSoft
[2013/08/23 08:58:07 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\liQeNSoft
[2013/08/23 08:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/08/23 08:47:17 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\QuickScan
[2013/08/23 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/08/23 08:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/08/22 22:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/08/22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Malwarebytes
[2013/08/22 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/21 17:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VHS2DVD Wizard
[2013/08/21 17:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VHS2DVD Wizard
[2013/08/19 09:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Idea Spectrum
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Pro 5
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtime Landscaping Pro 5
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtime Landscaping Pro 5
[2013/08/19 07:38:37 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Photo 5
[2013/08/19 07:38:24 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Architect 2
[2013/08/19 07:34:36 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Architect 2013 Trial
[2013/08/16 05:35:17 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\dll-files.com
[2013/08/16 05:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/08/16 05:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013/08/16 05:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013/08/14 14:49:49 | 000,000,000 | R--D | C] -- C:\Users\sharpsr\Documents\HP Photo Creations
[2013/08/14 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/08/14 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/08/14 11:30:04 | 005,337,328 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2013/08/14 11:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2013/08/14 11:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2013/08/14 11:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/08/14 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2013/08/14 11:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/08/07 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/06 19:06:20 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Online Video Accelerator
[2013/08/06 18:51:56 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2013/08/06 18:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2013/08/06 12:04:08 | 000,000,000 | ---D | C] -- C:\Riesselman
[2013/08/05 20:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2013/08/05 20:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2013/08/05 19:59:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\sharpsr\AppData\Roaming\pcouffin.sys
[2013/08/05 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\PcSetup
[2013/08/04 06:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/04 06:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/01 05:00:55 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\Morpheus Software
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/29 05:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/08/29 05:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
[2013/08/29 05:30:50 | 000,000,221 | ---- | M] () -- C:\Users\sharpsr\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/08/29 05:16:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/29 05:02:37 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/08/29 05:01:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 05:01:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 05:01:28 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/08/29 05:01:26 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\RegClean System Startup.job
[2013/08/29 05:00:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/28 22:22:39 | 000,000,251 | ---- | M] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Windows Vista.url
[2013/08/28 21:45:45 | 000,000,253 | ---- | M] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Norton Community.url
[2013/08/28 21:23:43 | 001,579,080 | ---- | M] (Farbar) -- C:\Users\sharpsr\Desktop\FRST64.exe
[2013/08/28 18:37:12 | 000,002,328 | ---- | M] () -- C:\{5ABA8EFA-86A5-4F21-96AF-AC520D084676}
[2013/08/28 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/08/28 17:22:05 | 029,762,342 | ---- | M] () -- C:\Users\sharpsr\Documents\Resolved Security Risks.mcf
[2013/08/28 11:30:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\pc-dis-upd.job
[2013/08/27 17:01:13 | 000,098,816 | ---- | M] () -- C:\Users\sharpsr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/27 07:07:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/08/27 06:39:43 | 000,000,993 | ---- | M] () -- C:\Users\sharpsr\Desktop\RegCure Pro.lnk
[2013/08/25 07:50:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/24 13:30:34 | 000,000,132 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/24 05:35:13 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/08/23 09:35:36 | 000,207,552 | ---- | M] () -- C:\ProgramData\1377268330.bdinstall.bin
[2013/08/23 08:57:16 | 001,982,096 | ---- | M] () -- C:\ProgramData\1377265600.bdinstall.bin
[2013/08/23 08:51:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/23 08:43:42 | 000,001,174 | ---- | M] () -- C:\0
[2013/08/21 17:12:43 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\VHS2DVD Wizard.lnk
[2013/08/21 05:37:46 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/08/20 07:09:54 | 000,010,918 | -H-- | M] () -- C:\Users\sharpsr\Documents\mvstcdxx.lst
[2013/08/19 10:57:10 | 000,000,741 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/19 09:57:41 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Landscaping Pro 5.lnk
[2013/08/19 09:57:39 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Picture Editor.lnk
[2013/08/19 09:57:37 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Landscaping Photo 5.lnk
[2013/08/16 05:35:08 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk
[2013/08/15 13:24:06 | 000,000,132 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/08/14 14:49:36 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/08/14 11:30:04 | 000,000,773 | ---- | M] () -- C:\Users\sharpsr\Desktop\PC Cleaner Pro.lnk
[2013/08/14 11:27:11 | 005,337,328 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2013/08/13 21:00:17 | 000,788,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/13 21:00:17 | 000,652,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/13 21:00:17 | 000,123,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/08 14:56:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsharpsr.job
[2013/08/06 19:07:13 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/06 18:51:56 | 000,000,846 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/05 20:01:58 | 000,099,384 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\inst.exe
[2013/08/05 20:01:58 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\sharpsr\AppData\Roaming\pcouffin.sys
[2013/08/05 20:01:58 | 000,007,859 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.cat
[2013/08/05 20:01:58 | 000,001,167 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.inf
[2013/08/05 20:01:53 | 000,001,017 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2013/08/05 07:19:14 | 000,001,189 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\vso_ts_preview.xml
[2013/08/03 14:58:48 | 000,139,081 | ---- | M] () -- C:\spyhunter.fix
[2013/07/30 13:09:08 | 000,000,132 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\Adobe BMP Format CS5 Prefs
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/29 05:30:50 | 000,000,221 | ---- | C] () -- C:\Users\sharpsr\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/08/28 22:22:39 | 000,000,251 | ---- | C] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Windows Vista.url
[2013/08/28 21:45:45 | 000,000,253 | ---- | C] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Norton Community.url
[2013/08/28 18:37:12 | 000,002,328 | ---- | C] () -- C:\{5ABA8EFA-86A5-4F21-96AF-AC520D084676}
[2013/08/28 17:21:43 | 029,762,342 | ---- | C] () -- C:\Users\sharpsr\Documents\Resolved Security Risks.mcf
[2013/08/27 06:41:18 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/08/27 06:39:43 | 000,000,993 | ---- | C] () -- C:\Users\sharpsr\Desktop\RegCure Pro.lnk
[2013/08/27 06:39:41 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/08/27 06:39:40 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/08/25 05:19:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/25 05:01:44 | 000,000,364 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/08/24 13:30:34 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/23 09:35:36 | 000,207,552 | ---- | C] () -- C:\ProgramData\1377268330.bdinstall.bin
[2013/08/23 08:57:15 | 001,982,096 | ---- | C] () -- C:\ProgramData\1377265600.bdinstall.bin
[2013/08/23 08:51:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/21 17:12:43 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\VHS2DVD Wizard.lnk
[2013/08/20 07:09:54 | 000,010,918 | -H-- | C] () -- C:\Users\sharpsr\Documents\mvstcdxx.lst
[2013/08/19 10:57:10 | 000,000,741 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/19 09:57:40 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Landscaping Pro 5.lnk
[2013/08/19 09:57:38 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Picture Editor.lnk
[2013/08/19 09:57:37 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Landscaping Photo 5.lnk
[2013/08/16 05:35:23 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/08/16 05:35:21 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/08/16 05:35:08 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk
[2013/08/14 14:47:22 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/08/14 14:47:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/08/14 11:30:03 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\pc-dis-upd.job
[2013/08/14 11:17:55 | 000,000,773 | ---- | C] () -- C:\Users\sharpsr\Desktop\PC Cleaner Pro.lnk
[2013/08/06 19:06:20 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/06 18:51:55 | 000,000,846 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/05 20:01:52 | 000,001,017 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2013/08/05 19:59:23 | 000,099,384 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\inst.exe
[2013/08/05 19:59:23 | 000,007,859 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.cat
[2013/08/05 19:59:23 | 000,001,167 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.inf
[2013/07/30 13:09:08 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/05/14 20:09:42 | 000,011,522 | -H-- | C] () -- C:\Users\sharpsr\mvstcdxx.lst
[2013/04/08 17:01:12 | 000,000,167 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\PLGComp.ini
[2012/12/22 11:22:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Displays
[2012/12/22 11:22:27 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Digital Basic
[2012/12/22 11:22:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/12/22 11:22:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\DirectoryService
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Mono
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Dictionaries
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Dialogs
[2012/12/22 11:22:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/12/22 11:22:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/12/22 11:22:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Equalizer
[2012/12/22 11:22:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Enhance Timing
[2012/08/29 14:34:53 | 000,000,061 | ---- | C] () -- C:\Users\sharpsr\.gtk-bookmarks
[2012/07/31 13:04:31 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012/05/28 11:22:33 | 000,000,732 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\d3d9caps64.dat
[2012/05/16 16:40:38 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\320c9ee3
[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31b540b1
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1605d956
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\15d3a8b0
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\41bbf5b3
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\4162db25
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\11805fed
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1128d69f
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\de34f115
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddde77b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80e07dd1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80b39f62
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\805a8e85
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\802daf99
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7ffc37f1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f52869d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f240c0e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dffa936
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dd29a7e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\78045046
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\77c291b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\779ad6d7
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7774b540
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7748904d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7715a3d9
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d487d29
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5cef0ae2
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c077e309
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c01c6404
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31f45873
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\319b7987
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\985c8656
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\97f8ac80
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b5b1082e
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b556dc6e
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\67845a4d
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\672bc531
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1e46ed04
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1df14ccb
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c0d7e83a
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c07e1970
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9f1995ed
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9ec05db6
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddf9fb1f
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\dda1b211
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7b4ebb99
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7af468df
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55a609cf
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5552184c
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\917a9578
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9126638a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\90c1230b
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9099dd58
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\906b7c7f
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8fbd977e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8f8dc78e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8dcbf0e9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8d9ceaad
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89e343a5
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89bc4157
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89934bb9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\896a8a4a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\893dc8bc
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8909f629
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b7b50ef0
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b75769aa
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e563df8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e27b599
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5db6075f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d8eddd7
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d5dd6fe
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c71e6b6
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c424a96
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5ad33fce
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5aa308ec
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\568edff2
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\566a4d00
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\563a372f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\561398a8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55e6f420
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55b34881
[2012/03/23 13:08:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/12 14:30:23 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012/02/27 18:59:25 | 000,028,547 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\aq
[2012/02/25 13:22:08 | 000,632,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/23 16:23:14 | 000,020,000 | -H-- | C] () -- C:\ProgramData\T09F8
[2011/11/19 06:18:26 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/14 14:38:54 | 000,742,220 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/14 14:38:54 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/10 07:41:56 | 000,000,082 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\wklnhst.dat
[2011/09/03 14:43:00 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/06/14 10:06:56 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/06/03 06:58:00 | 000,001,356 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\d3d9caps.dat
[2011/05/02 20:47:42 | 000,125,037 | ---- | C] () -- C:\Users\sharpsr\video.php
[2011/04/20 10:38:17 | 000,072,080 | ---- | C] () -- C:\Users\sharpsr\g2mdlhlpx.exe
[2011/01/26 07:15:05 | 000,005,099 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2011/01/22 12:07:11 | 004,510,572 | ---- | C] () -- C:\Users\sharpsr\Branson Trip October 2010 (97) 12x8.jpg
[2011/01/10 13:39:13 | 000,000,000 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\chrtmp
[2011/01/07 20:46:53 | 000,000,990 | -HS- | C] () -- C:\Users\sharpsr\AppData\Roaming\systemfl.$dk
[2010/12/26 08:15:44 | 000,001,189 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\vso_ts_preview.xml
[2010/12/13 20:41:24 | 000,098,816 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/13 20:21:40 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe GIF Format CS5 Prefs

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/27 19:01:39 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Anthropics
[2011/04/20 06:21:05 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Athentech
[2013/08/18 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Audacity
[2012/04/25 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Boilsoft
[2012/03/14 21:27:59 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\calibre
[2011/10/16 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/26 17:10:48 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Complitly
[2011/01/10 13:39:09 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DbqjTCEYBGTdyM
[2011/07/01 20:06:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DeLorme
[2011/09/08 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Digiarty
[2012/08/04 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Digital Detective
[2012/07/31 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DiscWorks
[2013/08/16 05:35:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\dll-files.com
[2013/08/14 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DMCache
[2013/06/16 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DriverCure
[2012/02/24 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Dropbox
[2013/07/09 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DVDVideoSoft
[2010/12/25 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\FDRLab
[2011/12/14 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\FixCleaner
[2013/06/16 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Foresight Software
[2013/08/19 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\GetRightToGo
[2012/08/29 14:36:35 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\gtk-2.0
[2013/08/27 06:51:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IDM
[2011/08/30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Image Zone Express
[2012/12/03 21:31:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IObit
[2011/02/01 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IrfanView
[2012/02/23 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Lasersoft Imaging
[2013/08/23 08:58:07 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\liQeNSoft
[2012/12/04 08:32:27 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\MP3 Joiner
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\MusicNet
[2011/10/24 15:59:09 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\NCH Swift Sound
[2012/09/29 14:52:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\NeatImage SL
[2013/06/23 05:23:36 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Netscape
[2012/12/22 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Nikon
[2011/06/27 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Nuance
[2013/08/06 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Online Video Accelerator
[2011/08/15 14:42:18 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\onOne Software
[2013/08/27 06:39:51 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\ParetoLogic
[2011/04/15 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Photodex
[2013/08/14 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\PhotoMontageGuide
[2010/12/24 23:30:10 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Printer Info Cache
[2011/11/02 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Product_RM
[2010/12/27 08:28:29 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Publish Providers
[2013/08/23 08:47:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\QuickScan
[2012/12/04 08:30:35 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\RegClean
[2013/06/19 06:51:07 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Registry Mechanic
[2011/06/27 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\ScanSoft
[2013/08/22 20:18:42 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\SearchProtect
[2011/11/28 08:14:04 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Snapfish
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Sony
[2010/12/13 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/10 07:42:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Template
[2012/10/18 17:23:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Thinstall
[2012/07/26 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Thunderbird
[2012/03/09 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Tiffen
[2013/08/28 16:00:15 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\uTorrent
[2011/12/13 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Visan
[2013/08/27 08:50:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Vso
[2011/05/25 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\WinBatch
[2012/07/26 06:02:03 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Windows Live Writer
[2011/06/27 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:60466E88

< End of report >

#2
Essexboy

Posted 29 August 2013 - 07:58 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi let me know if this resolves the problem

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CREATERESTOREPOINT]

:OTL
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2099/01/01 12:00:00 | 000,005,278 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\[email protected]
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\sharpsr\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\sharpsr\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2013/08/25 05:01:44 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\SwvUpdater
[2013/08/23 08:58:08 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\liQeNSoft
[2013/08/23 08:58:07 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\liQeNSoft
[2013/08/29 05:02:37 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/08/29 05:01:28 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/08/29 05:01:26 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\RegClean System Startup.job
[2011/05/26 17:10:48 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Complitly
[2011/01/10 13:39:09 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DbqjTCEYBGTdyM

:Files
C:\Users\sharpsr\AppData\Local\ApplicationHistory\oahfji.dll

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
post the contents of JRT.txt into your next message.

#3
sharpsr

Posted 29 August 2013 - 02:19 PM

New Member

Topic Starter
Member
8 posts

Downloaded and Ran Junkware Removal Tool:

OTL logfile created on: 8/29/2013 2:36:31 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sharpsr\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 73.79% Memory free
15.54 Gb Paging File | 13.60 Gb Available in Paging File | 87.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 423.75 Gb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive D: | 13.41 Gb Total Space | 1.46 Gb Free Space | 10.87% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1409.56 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
Drive K: | 83.91 Gb Total Space | 79.25 Gb Free Space | 94.45% Space Free | Partition Type: NTFS
Drive M: | 9.44 Gb Total Space | 1.06 Gb Free Space | 11.21% Space Free | Partition Type: FAT32

Computer Name: OFFICE-PC | User Name: sharpsr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/29 05:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
PRC - [2013/08/20 16:17:22 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/06/23 05:22:18 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/12/19 00:20:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/24 07:40:02 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2008/09/24 07:39:56 | 000,118,784 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2008/09/04 07:14:52 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/09/04 07:14:44 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\BeepApp.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/02/03 05:17:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/08/20 17:17:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/07 21:00:22 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/23 05:22:18 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe -- (ScsiAccess)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/18 01:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/12/19 00:20:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/09/23 18:47:22 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/04 07:21:50 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/17 04:19:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/04/24 19:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012/05/16 11:13:34 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/02/03 05:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/02/03 05:55:20 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 04:24:00 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/26 21:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/25 11:32:58 | 000,220,248 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2009/06/25 11:32:58 | 000,010,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2009/06/25 11:32:58 | 000,010,584 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2009/05/24 08:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/11/19 05:42:38 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2008/10/09 19:04:04 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/04/23 13:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtlProt.sys -- (RtlProt)
DRV:64bit: - [2007/01/29 20:19:26 | 000,438,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2007/01/29 20:19:04 | 000,055,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV - [2013/08/28 18:17:54 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130829.002\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 18:17:52 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130829.002\eng64.sys -- (NAVENG)
DRV - [2013/08/27 05:32:12 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 05:32:12 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 17:38:13 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130828.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/07/01 15:24:50 | 000,004,992 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\enport.sys -- (enport)
DRV - [2010/01/29 11:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/12/14 23:17:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {797D1CEA-975D-4D20-9E4A-3465A854B8BC}
IE:64bit: - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {288C80B7-DDBC-456C-8F1D-4BE4A614750F}
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{797D1CEA-975D-4D20-9E4A-3465A854B8BC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{9D367194-31E6-4453-96CD-E4E56088E817}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://familytreemak...p-Sr/index.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10179&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10179&home=1
IE - HKCU\..\SearchScopes,DefaultScope = {224DDEF1-0965-48EF-83DC-CBD75253C953}
IE - HKCU\..\SearchScopes\{224DDEF1-0965-48EF-83DC-CBD75253C953}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\sharpsr\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013/08/29 14:30:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/14 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/14 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2012/12/04 08:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/07 21:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/07 21:00:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/07 21:00:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/08/07 21:00:19 | 000,000,000 | ---D | M]

[2012/07/26 16:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Extensions
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/29 14:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/08/29 14:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions
[2013/08/29 14:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/03 21:39:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/11/25 21:45:10 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\sharpsr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/09/23 13:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/08/29 14:15:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0204D3-8D84-4A40-8514-B1DB073973C3}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E616433D-9D9C-4826-BE5C-24FA45F092AB}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\jpip - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sidlet - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll (LizardTech)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 21:41:11 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/13 06:12:23 | 000,000,067 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - M:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - M:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{39282bba-0fce-11e0-9f38-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{39282bba-0fce-11e0-9f38-0024211816c6}\Shell\AutoRun\command - "" = L:\StormF1.exe
O33 - MountPoints2\{6ee22b39-81a5-11e1-b314-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{6ee22b39-81a5-11e1-b314-0024211816c6}\Shell\AutoRun\command - "" = G:\StormF1.exe
O33 - MountPoints2\{9412eefe-3331-11e1-a7cb-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{9412eefe-3331-11e1-a7cb-0024211816c6}\Shell\AutoRun\command - "" = G:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{ee4b72c3-0b69-11e0-9d21-0024211816c6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee4b72c3-0b69-11e0-9d21-0024211816c6}\Shell\AutoRun\command - "" = L:\StormF1.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sh4native Sh4Removal)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/29 14:03:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/29 05:32:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
[2013/08/28 21:25:03 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/28 21:23:40 | 001,579,080 | ---- | C] (Farbar) -- C:\Users\sharpsr\Desktop\FRST64.exe
[2013/08/27 06:39:51 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\ParetoLogic
[2013/08/27 06:39:43 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/08/27 06:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2013/08/27 06:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/08/27 06:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2013/08/25 05:01:56 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SevenZip 9.20
[2013/08/25 05:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SevenZip
[2013/08/23 08:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/08/23 08:47:17 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\QuickScan
[2013/08/23 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/08/23 08:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/08/22 22:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013/08/22 19:58:12 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Malwarebytes
[2013/08/22 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/21 17:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VHS2DVD Wizard
[2013/08/21 17:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VHS2DVD Wizard
[2013/08/19 09:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Idea Spectrum
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Pro 5
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtime Landscaping Pro 5
[2013/08/19 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtime Landscaping Pro 5
[2013/08/19 07:38:37 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Photo 5
[2013/08/19 07:38:24 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Architect 2
[2013/08/19 07:34:36 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\Realtime Landscaping Architect 2013 Trial
[2013/08/16 05:35:17 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\dll-files.com
[2013/08/16 05:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/08/16 05:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013/08/16 05:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013/08/14 14:49:49 | 000,000,000 | R--D | C] -- C:\Users\sharpsr\Documents\HP Photo Creations
[2013/08/14 14:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/08/14 14:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/08/14 11:30:04 | 005,337,328 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2013/08/14 11:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2013/08/14 11:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2013/08/14 11:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/08/14 11:17:55 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2013/08/14 11:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2013/08/07 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/06 19:06:20 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Online Video Accelerator
[2013/08/06 18:51:56 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2013/08/06 18:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2013/08/06 12:04:08 | 000,000,000 | ---D | C] -- C:\Riesselman
[2013/08/05 20:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2013/08/05 20:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2013/08/05 19:59:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\sharpsr\AppData\Roaming\pcouffin.sys
[2013/08/05 19:59:22 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\Documents\PcSetup
[2013/08/04 06:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/04 06:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/01 05:00:55 | 000,000,000 | ---D | C] -- C:\Users\sharpsr\AppData\Local\Morpheus Software

========== Files - Modified Within 30 Days ==========

[2013/08/29 14:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/08/29 14:28:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 14:28:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 14:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/29 14:17:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/29 14:15:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/29 06:21:51 | 000,000,219 | ---- | M] () -- C:\Users\sharpsr\Desktop\IE opens about every hour - Geeks to Go Forums.url
[2013/08/29 05:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sharpsr\Desktop\OTL.exe
[2013/08/29 05:30:50 | 000,000,221 | ---- | M] () -- C:\Users\sharpsr\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/08/28 22:22:39 | 000,000,251 | ---- | M] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Windows Vista.url
[2013/08/28 21:45:45 | 000,000,253 | ---- | M] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Norton Community.url
[2013/08/28 21:23:43 | 001,579,080 | ---- | M] (Farbar) -- C:\Users\sharpsr\Desktop\FRST64.exe
[2013/08/28 18:37:12 | 000,002,328 | ---- | M] () -- C:\{5ABA8EFA-86A5-4F21-96AF-AC520D084676}
[2013/08/28 18:00:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/08/28 17:22:05 | 029,762,342 | ---- | M] () -- C:\Users\sharpsr\Documents\Resolved Security Risks.mcf
[2013/08/28 11:30:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\pc-dis-upd.job
[2013/08/27 17:01:13 | 000,098,816 | ---- | M] () -- C:\Users\sharpsr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/27 07:07:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/08/27 06:39:43 | 000,000,993 | ---- | M] () -- C:\Users\sharpsr\Desktop\RegCure Pro.lnk
[2013/08/25 07:50:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/24 13:30:34 | 000,000,132 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/24 05:35:13 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/08/23 09:35:36 | 000,207,552 | ---- | M] () -- C:\ProgramData\1377268330.bdinstall.bin
[2013/08/23 08:57:16 | 001,982,096 | ---- | M] () -- C:\ProgramData\1377265600.bdinstall.bin
[2013/08/23 08:51:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/23 08:43:42 | 000,001,174 | ---- | M] () -- C:\0
[2013/08/21 17:12:43 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\VHS2DVD Wizard.lnk
[2013/08/21 05:37:46 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/08/20 07:09:54 | 000,010,918 | -H-- | M] () -- C:\Users\sharpsr\Documents\mvstcdxx.lst
[2013/08/19 10:57:10 | 000,000,741 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/19 09:57:41 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Landscaping Pro 5.lnk
[2013/08/19 09:57:39 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Picture Editor.lnk
[2013/08/19 09:57:37 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Realtime Landscaping Photo 5.lnk
[2013/08/16 05:35:08 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk
[2013/08/15 13:24:06 | 000,000,132 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2013/08/14 14:49:36 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/08/14 11:30:04 | 000,000,773 | ---- | M] () -- C:\Users\sharpsr\Desktop\PC Cleaner Pro.lnk
[2013/08/14 11:27:11 | 005,337,328 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2013/08/13 21:00:17 | 000,788,778 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/13 21:00:17 | 000,652,330 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/13 21:00:17 | 000,123,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/08 14:56:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsharpsr.job
[2013/08/06 19:07:13 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/06 18:51:56 | 000,000,846 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/05 20:01:58 | 000,099,384 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\inst.exe
[2013/08/05 20:01:58 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\sharpsr\AppData\Roaming\pcouffin.sys
[2013/08/05 20:01:58 | 000,007,859 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.cat
[2013/08/05 20:01:58 | 000,001,167 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.inf
[2013/08/05 20:01:53 | 000,001,017 | ---- | M] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2013/08/05 07:19:14 | 000,001,189 | ---- | M] () -- C:\Users\sharpsr\AppData\Roaming\vso_ts_preview.xml
[2013/08/03 14:58:48 | 000,139,081 | ---- | M] () -- C:\spyhunter.fix

========== Files Created - No Company Name ==========

[2013/08/29 06:21:51 | 000,000,219 | ---- | C] () -- C:\Users\sharpsr\Desktop\IE opens about every hour - Geeks to Go Forums.url
[2013/08/29 05:30:50 | 000,000,221 | ---- | C] () -- C:\Users\sharpsr\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/08/28 22:22:39 | 000,000,251 | ---- | C] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Windows Vista.url
[2013/08/28 21:45:45 | 000,000,253 | ---- | C] () -- C:\Users\sharpsr\Desktop\Internet Explorer 9 opens about every hour - Norton Community.url
[2013/08/28 18:37:12 | 000,002,328 | ---- | C] () -- C:\{5ABA8EFA-86A5-4F21-96AF-AC520D084676}
[2013/08/28 17:21:43 | 029,762,342 | ---- | C] () -- C:\Users\sharpsr\Documents\Resolved Security Risks.mcf
[2013/08/27 06:41:18 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2013/08/27 06:39:43 | 000,000,993 | ---- | C] () -- C:\Users\sharpsr\Desktop\RegCure Pro.lnk
[2013/08/27 06:39:40 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2013/08/25 05:19:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/24 13:30:34 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/23 09:35:36 | 000,207,552 | ---- | C] () -- C:\ProgramData\1377268330.bdinstall.bin
[2013/08/23 08:57:15 | 001,982,096 | ---- | C] () -- C:\ProgramData\1377265600.bdinstall.bin
[2013/08/23 08:51:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/21 17:12:43 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\VHS2DVD Wizard.lnk
[2013/08/20 07:09:54 | 000,010,918 | -H-- | C] () -- C:\Users\sharpsr\Documents\mvstcdxx.lst
[2013/08/19 10:57:10 | 000,000,741 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/08/19 09:57:40 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Landscaping Pro 5.lnk
[2013/08/19 09:57:38 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Picture Editor.lnk
[2013/08/19 09:57:37 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Realtime Landscaping Photo 5.lnk
[2013/08/16 05:35:23 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/08/16 05:35:21 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/08/16 05:35:08 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk
[2013/08/14 14:47:22 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/08/14 14:47:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/08/14 11:30:03 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\pc-dis-upd.job
[2013/08/14 11:17:55 | 000,000,773 | ---- | C] () -- C:\Users\sharpsr\Desktop\PC Cleaner Pro.lnk
[2013/08/06 19:06:20 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/06 18:51:55 | 000,000,846 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/05 20:01:52 | 000,001,017 | ---- | C] () -- C:\Users\sharpsr\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk
[2013/08/05 19:59:23 | 000,099,384 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\inst.exe
[2013/08/05 19:59:23 | 000,007,859 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.cat
[2013/08/05 19:59:23 | 000,001,167 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\pcouffin.inf
[2013/07/30 13:09:08 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/05/14 20:09:42 | 000,011,522 | -H-- | C] () -- C:\Users\sharpsr\mvstcdxx.lst
[2013/04/08 17:01:12 | 000,000,167 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\PLGComp.ini
[2012/12/22 11:22:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Displays
[2012/12/22 11:22:27 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Digital Basic
[2012/12/22 11:22:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/12/22 11:22:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\DirectoryService
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Mono
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Dictionaries
[2012/12/22 11:22:26 | 000,000,268 | RH-- | C] () -- C:\Users\sharpsr\AppData\Roaming\Dialogs
[2012/12/22 11:22:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/12/22 11:22:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/12/22 11:22:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Equalizer
[2012/12/22 11:22:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Enhance Timing
[2012/08/29 14:34:53 | 000,000,061 | ---- | C] () -- C:\Users\sharpsr\.gtk-bookmarks
[2012/07/31 13:04:31 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2012/05/28 11:22:33 | 000,000,732 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\d3d9caps64.dat
[2012/05/16 16:40:38 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\320c9ee3
[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31b540b1
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1605d956
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\15d3a8b0
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\41bbf5b3
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\4162db25
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\11805fed
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1128d69f
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\de34f115
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddde77b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80e07dd1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80b39f62
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\805a8e85
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\802daf99
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7ffc37f1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f52869d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f240c0e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dffa936
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dd29a7e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\78045046
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\77c291b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\779ad6d7
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7774b540
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7748904d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7715a3d9
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d487d29
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5cef0ae2
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c077e309
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c01c6404
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31f45873
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\319b7987
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\985c8656
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\97f8ac80
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b5b1082e
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b556dc6e
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\67845a4d
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\672bc531
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1e46ed04
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1df14ccb
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c0d7e83a
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c07e1970
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9f1995ed
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9ec05db6
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddf9fb1f
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\dda1b211
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7b4ebb99
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7af468df
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55a609cf
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5552184c
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\917a9578
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9126638a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\90c1230b
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9099dd58
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\906b7c7f
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8fbd977e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8f8dc78e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8dcbf0e9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8d9ceaad
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89e343a5
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89bc4157
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89934bb9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\896a8a4a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\893dc8bc
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8909f629
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b7b50ef0
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b75769aa
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e563df8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e27b599
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5db6075f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d8eddd7
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d5dd6fe
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c71e6b6
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c424a96
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5ad33fce
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5aa308ec
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\568edff2
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\566a4d00
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\563a372f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\561398a8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55e6f420
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55b34881
[2012/03/23 13:08:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/12 14:30:23 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2012/02/27 18:59:25 | 000,028,547 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\aq
[2012/02/25 13:22:08 | 000,632,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/02/23 16:23:14 | 000,020,000 | -H-- | C] () -- C:\ProgramData\T09F8
[2011/11/19 06:18:26 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/14 14:38:54 | 000,742,220 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/14 14:38:54 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/10 07:41:56 | 000,000,082 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\wklnhst.dat
[2011/09/03 14:43:00 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/06/14 10:06:56 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/06/03 06:58:00 | 000,001,356 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\d3d9caps.dat
[2011/05/02 20:47:42 | 000,125,037 | ---- | C] () -- C:\Users\sharpsr\video.php
[2011/04/20 10:38:17 | 000,072,080 | ---- | C] () -- C:\Users\sharpsr\g2mdlhlpx.exe
[2011/01/26 07:15:05 | 000,005,099 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2011/01/22 12:07:11 | 004,510,572 | ---- | C] () -- C:\Users\sharpsr\Branson Trip October 2010 (97) 12x8.jpg
[2011/01/10 13:39:13 | 000,000,000 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\chrtmp
[2011/01/07 20:46:53 | 000,000,990 | -HS- | C] () -- C:\Users\sharpsr\AppData\Roaming\systemfl.$dk
[2010/12/26 08:15:44 | 000,001,189 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\vso_ts_preview.xml
[2010/12/13 20:41:24 | 000,098,816 | ---- | C] () -- C:\Users\sharpsr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/13 20:21:40 | 000,000,132 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\Adobe GIF Format CS5 Prefs

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/27 19:01:39 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Anthropics
[2011/04/20 06:21:05 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Athentech
[2013/08/18 19:52:15 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Audacity
[2012/04/25 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Boilsoft
[2012/03/14 21:27:59 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\calibre
[2011/10/16 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/01 20:06:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DeLorme
[2011/09/08 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Digiarty
[2012/08/04 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Digital Detective
[2012/07/31 13:09:51 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DiscWorks
[2013/08/16 05:35:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\dll-files.com
[2013/08/14 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DMCache
[2013/06/16 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DriverCure
[2012/02/24 10:45:42 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Dropbox
[2013/07/09 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\DVDVideoSoft
[2010/12/25 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\FDRLab
[2011/12/14 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\FixCleaner
[2013/06/16 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Foresight Software
[2013/08/19 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\GetRightToGo
[2012/08/29 14:36:35 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\gtk-2.0
[2013/08/27 06:51:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IDM
[2011/08/30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Image Zone Express
[2012/12/03 21:31:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IObit
[2011/02/01 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\IrfanView
[2012/02/23 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Lasersoft Imaging
[2012/12/04 08:32:27 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\MP3 Joiner
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\MusicNet
[2011/10/24 15:59:09 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\NCH Swift Sound
[2012/09/29 14:52:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\NeatImage SL
[2013/06/23 05:23:36 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Netscape
[2012/12/22 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Nikon
[2011/06/27 19:53:47 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Nuance
[2013/08/06 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Online Video Accelerator
[2011/08/15 14:42:18 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\onOne Software
[2013/08/27 06:39:51 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\ParetoLogic
[2011/04/15 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Photodex
[2013/08/14 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\PhotoMontageGuide
[2010/12/24 23:30:10 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Printer Info Cache
[2011/11/02 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Product_RM
[2010/12/27 08:28:29 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Publish Providers
[2013/08/23 08:47:17 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\QuickScan
[2012/12/04 08:30:35 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\RegClean
[2013/06/19 06:51:07 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Registry Mechanic
[2011/06/27 19:59:45 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\ScanSoft
[2013/08/22 20:18:42 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\SearchProtect
[2011/11/28 08:14:04 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Snapfish
[2013/08/14 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Sony
[2010/12/13 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/10 07:42:38 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Template
[2012/10/18 17:23:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Thinstall
[2012/07/26 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Thunderbird
[2012/03/09 23:11:34 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Tiffen
[2013/08/28 16:00:15 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\uTorrent
[2011/12/13 22:14:01 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Visan
[2013/08/27 08:50:26 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Vso
[2011/05/25 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\WinBatch
[2012/07/26 06:02:03 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Windows Live Writer
[2011/06/27 19:59:48 | 000,000,000 | ---D | M] -- C:\Users\sharpsr\AppData\Roaming\Zeon

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:60466E88

< End of report >

#4
Essexboy

Posted 29 August 2013 - 02:23 PM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now ?

#5
sharpsr

Posted 29 August 2013 - 03:45 PM

New Member

Topic Starter
Member
8 posts

Seems to be working fine now. Thank You Very Much

#6
Essexboy

Posted 30 August 2013 - 05:20 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\320c9ee3
[2012/04/25 17:35:47 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31b540b1
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1605d956
[2012/04/25 17:34:54 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\15d3a8b0
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\41bbf5b3
[2012/04/25 17:34:49 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\4162db25
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\11805fed
[2012/04/25 17:33:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1128d69f
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\de34f115
[2012/04/25 17:33:26 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddde77b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80e07dd1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\80b39f62
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\805a8e85
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\802daf99
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7ffc37f1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f52869d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7f240c0e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dffa936
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7dd29a7e
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\78045046
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\77c291b1
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\779ad6d7
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7774b540
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7748904d
[2012/04/25 17:33:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7715a3d9
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d487d29
[2012/04/25 17:32:17 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5cef0ae2
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c077e309
[2012/04/25 17:32:14 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c01c6404
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\31f45873
[2012/04/25 17:30:32 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\319b7987
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\985c8656
[2012/04/25 17:30:24 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\97f8ac80
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b5b1082e
[2012/04/25 17:28:35 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b556dc6e
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\67845a4d
[2012/04/25 17:28:31 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\672bc531
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1e46ed04
[2012/04/25 17:24:34 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\1df14ccb
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c0d7e83a
[2012/04/25 17:24:19 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\c07e1970
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9f1995ed
[2012/04/25 17:21:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9ec05db6
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\ddf9fb1f
[2012/04/25 17:21:06 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\dda1b211
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7b4ebb99
[2012/04/25 17:14:42 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\7af468df
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55a609cf
[2012/04/25 17:14:21 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5552184c
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\917a9578
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9126638a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\90c1230b
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\9099dd58
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\906b7c7f
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8fbd977e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8f8dc78e
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8dcbf0e9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8d9ceaad
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89e343a5
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89bc4157
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\89934bb9
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\896a8a4a
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\893dc8bc
[2012/04/25 17:14:04 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\8909f629
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b7b50ef0
[2012/04/25 17:13:53 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\b75769aa
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e563df8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5e27b599
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5db6075f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d8eddd7
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5d5dd6fe
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c71e6b6
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5c424a96
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5ad33fce
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\5aa308ec
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\568edff2
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\566a4d00
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\563a372f
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\561398a8
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55e6f420
[2012/04/25 17:12:30 | 000,004,638 | ---- | C] () -- C:\Users\sharpsr\AppData\Roaming\55b34881

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

#7
sharpsr

Posted 30 August 2013 - 01:08 PM

New Member

Topic Starter
Member
8 posts

I have done everything down to and including clear Restore Points. I have noticed I am getting the following about every hour:

RunDLL

Error Loading
C:\Users\sharpsr\AppData\Local\ApplicationHistory\oahfji

The specified module could not be found

Thanks

#8
Essexboy

Posted 30 August 2013 - 01:15 PM

GeekU Moderator

Retired Staff
69,964 posts

Run this quick programme and then let me know tomorrow if it has gone

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
 :Files 
C:\Windows\tasks\pc-dis-upd.job 
```
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#9
sharpsr

Posted 30 August 2013 - 02:29 PM

New Member

Topic Starter
Member
8 posts

========== FILES ==========
File/Folder C:\Windows\tasks\pc-dis-upd.job not found.

OTM by OldTimer - Version 3.1.21.0 log created on 08302013_142941

#10
Essexboy

Posted 30 August 2013 - 02:44 PM

GeekU Moderator

Retired Staff
69,964 posts

OK we will need to look at your task list

Could you run autoruns from here http://technet.micro...ernals/bb963902

When the programme opens select the Scheduled Tasks tab

Then take a screenshot of that and post it here

#11
sharpsr

Posted 30 August 2013 - 03:29 PM

New Member

Topic Starter
Member
8 posts

I hit the print screen but it won't let me paste it in this reply.

#12
Essexboy

Posted 30 August 2013 - 03:36 PM

GeekU Moderator

Retired Staff
69,964 posts

After you have hit print screen open the paint programme and select file > paste
Then save as a JPG file to your desktop and attach

#13
sharpsr

Posted 30 August 2013 - 03:42 PM

New Member

Topic Starter
Member
8 posts

New twist for me. Thanks

#14
sharpsr

Posted 30 August 2013 - 03:46 PM

New Member

Topic Starter
Member
8 posts

Did I forget to hit attach this file?

#15
Essexboy

Posted 31 August 2013 - 04:26 AM

GeekU Moderator

Retired Staff
69,964 posts

OK found it .. This time download the autoruns programme to your desktop (you just delete it when done)
Run Autoruns in the elevated mode :
Right click Autoruns and select Run as Administrator
Select Scheduled tasks
Remove the tick from the following entry :

\rerdtpusyf

Reboot and then monitor for the next hour or so, it should now be gone