[RESOLVED] I might need help

I don't need it.
We posted at the same time so make sure you read my previous reply.

Computer seems to be runnning ok, not cutting off the internet and when I opened the browser it went to the proper home page. Other than not being logged in, Also when I went to VDR I was still logged in. On to the next phase. ADWCleaner

[wrong question]

# AdwCleaner v2.005 - Logfile created 01/31/2013 at 19:26:39
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : imadreamer2 - IMADREAMER2-PC
# Boot Mode : Normal
# Running from : C:\Users\imadreamer2\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://mail.google.com/mail/#inbox --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

Profile name : default
File : C:\Users\imadreamer2\AppData\Roaming\Mozilla\Firefox\Profiles\92igwiov.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R4].txt - [1751 octets] - [16/01/2013 13:19:44]
AdwCleaner[S2].txt - [1747 octets] - [16/01/2013 13:20:28]
AdwCleaner[R5].txt - [1108 octets] - [26/01/2013 23:35:20]
AdwCleaner[S3].txt - [1208 octets] - [26/01/2013 23:35:44]
AdwCleaner[S4].txt - [1305 octets] - [31/01/2013 19:26:39]

########## EOF - C:\AdwCleaner[S4].txt - [1365 octets] ##########
ADW Cleaner must reset homepage to google cause on this reboot hompage went to google instead of gmail. LOL I knew it would.

the JRT was running and a warning block popped up saying Find String (QGREP) Utility has stopped working. Windows will close program and search for a solution. I can not find the JRT.txt on the desktop or anywhere in c drive. I think windows stoped it. Should I run it again?

Skip it.

Ok, you said skip it on the JRT so here is the OTL txt but once again I cannot find Extras.txt. I would expect it to be next to OTL but it aint nor can I find it on the taskbar and search c drive does not find either. OTL logfile created on: 1/31/2013 8:34:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\imadreamer2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 64.46% Memory free
5.50 Gb Paging File | 4.25 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 841.68 Gb Free Space | 92.30% Space Free | Partition Type: NTFS

Computer Name: IMADREAMER2-PC | User Name: imadreamer2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/31 19:48:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/16 07:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2012/09/25 00:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2011/03/21 15:05:32 | 002,113,536 | ---- | M] (NCP) -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe
PRC - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2011/01/26 18:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/18 19:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/16 19:41:00 | 003,775,488 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2012/10/16 07:54:22 | 001,041,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2012/10/11 18:57:28 | 008,295,424 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2012/10/11 18:57:28 | 001,553,408 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2012/10/11 18:57:28 | 001,188,352 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2012/10/11 18:57:28 | 001,132,032 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2012/10/11 18:57:28 | 001,062,400 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2012/10/11 18:57:28 | 000,920,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2012/10/11 18:57:28 | 000,702,464 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2012/10/11 18:57:28 | 000,641,536 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2012/10/11 18:57:28 | 000,504,832 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2012/10/11 18:57:28 | 000,500,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2012/10/11 18:57:28 | 000,478,720 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
MOD - [2012/10/11 18:57:28 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2012/10/11 18:57:28 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2012/10/11 18:57:28 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2012/10/11 18:57:28 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2012/10/11 18:57:28 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
MOD - [2012/10/11 18:57:28 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2012/10/11 18:57:28 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2012/10/11 18:57:28 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
MOD - [2012/10/11 18:57:28 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2012/10/11 18:57:28 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2012/10/11 18:57:28 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2012/09/25 00:06:14 | 001,233,389 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/09/25 00:06:14 | 000,122,696 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2012/05/11 00:24:16 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
MOD - [2012/05/11 00:24:16 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
MOD - [2012/05/11 00:24:16 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2012/05/11 00:24:16 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
MOD - [2012/05/11 00:24:16 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2012/05/11 00:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2012/05/11 00:24:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2012/05/09 20:34:06 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2012/05/09 20:34:06 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
MOD - [2011/01/18 19:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/01/18 19:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
MOD - [2004/07/19 12:06:58 | 000,520,192 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\c4dll.dll
MOD - [2003/05/28 07:55:30 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\ssleay32.dll
MOD - [2003/05/28 07:55:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\libeay32.dll
MOD - [2002/09/12 08:29:46 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\zlib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/16 05:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2013/01/18 16:02:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 22:05:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/25 00:06:14 | 000,231,752 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
SRV - [2011/01/26 18:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/16 05:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/16 20:42:47 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/13 09:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 09:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/06/21 20:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/30 03:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/#inbox/13c935de5adc2b2f
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 16:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/21 22:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imadreamer2\AppData\Roaming\Mozilla\Extensions
[2013/01/29 22:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\imadreamer2\AppData\Roaming\Mozilla\Firefox\Profiles\92igwiov.default\extensions
[2013/01/29 22:58:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\imadreamer2\AppData\Roaming\Mozilla\Firefox\Profiles\92igwiov.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/24 00:24:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\imadreamer2\AppData\Roaming\Mozilla\Firefox\Profiles\92igwiov.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/18 16:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/18 16:02:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/30 22:15:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 11:36:45 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\imadreamer2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MegaPanel] C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe (NCP)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/F...ansferCtrl.cab (DLC Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/isan/def...ploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 19:48:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
[2013/01/31 19:39:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/31 19:38:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/31 19:25:33 | 000,538,188 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\imadreamer2\Desktop\JRT.exe
[2013/01/31 18:48:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/01/31 18:43:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 17:43:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/30 23:33:20 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\Desktop\RK_Quarantine
[2013/01/29 22:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/29 22:54:42 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\AppData\Local\Google
[2013/01/29 22:54:40 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/29 22:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/29 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\imadreamer2\Desktop\rootkit
[2013/01/28 22:52:32 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/01/28 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/01/28 22:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/01/18 16:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/01/31 20:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/31 20:04:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 19:48:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\imadreamer2\Desktop\OTL.exe
[2013/01/31 19:35:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 19:35:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 19:32:49 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/31 19:32:49 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/31 19:32:49 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/31 19:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/31 19:27:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 19:27:48 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 19:25:33 | 000,538,188 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\imadreamer2\Desktop\JRT.exe
[2013/01/30 23:32:39 | 000,768,512 | ---- | M] () -- C:\Users\imadreamer2\Desktop\RogueKiller.exe
[2013/01/30 13:17:45 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\quilting station.bmp
[2013/01/30 12:29:59 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\imadreamer2\Desktop\dds.com
[2013/01/30 12:26:36 | 000,000,512 | ---- | M] () -- C:\Users\imadreamer2\Desktop\MBR.dat
[2013/01/29 23:07:37 | 000,002,128 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/01/29 23:06:53 | 000,002,248 | ---- | M] () -- C:\Users\imadreamer2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/29 22:55:37 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/28 22:47:20 | 000,000,905 | ---- | M] () -- C:\Users\imadreamer2\Desktop\Sandboxed Web Browser.lnk
[2013/01/28 22:47:20 | 000,000,905 | ---- | M] () -- C:\Users\imadreamer2\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/01/28 16:48:22 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\homesteadwhithered crops.bmp
[2013/01/17 12:05:30 | 003,932,214 | ---- | M] () -- C:\Users\imadreamer2\Desktop\puttingupwalls.bmp
[2013/01/10 12:25:03 | 000,284,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/08 18:43:45 | 000,001,408 | ---- | M] () -- C:\Users\imadreamer2\Desktop\bills2013 - Shortcut.lnk
[2013/01/08 18:20:50 | 000,001,489 | ---- | M] () -- C:\Users\imadreamer2\Desktop\checkregister 2013 - Shortcut.lnk
[2013/01/02 12:55:00 | 000,274,158 | ---- | M] () -- C:\Users\imadreamer2\Desktop\bricksgift.bmp

========== Files Created - No Company Name ==========

[2013/01/30 23:32:25 | 000,768,512 | ---- | C] () -- C:\Users\imadreamer2\Desktop\RogueKiller.exe
[2013/01/30 13:17:45 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\quilting station.bmp
[2013/01/30 12:26:36 | 000,000,512 | ---- | C] () -- C:\Users\imadreamer2\Desktop\MBR.dat
[2013/01/29 22:55:37 | 000,002,248 | ---- | C] () -- C:\Users\imadreamer2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/29 22:55:37 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/29 22:54:47 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 22:54:46 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 22:47:49 | 000,000,905 | ---- | C] () -- C:\Users\imadreamer2\Desktop\Sandboxed Web Browser.lnk
[2013/01/28 22:47:49 | 000,000,905 | ---- | C] () -- C:\Users\imadreamer2\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2013/01/28 22:47:47 | 000,002,128 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/01/28 16:48:21 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\homesteadwhithered crops.bmp
[2013/01/17 12:05:30 | 003,932,214 | ---- | C] () -- C:\Users\imadreamer2\Desktop\puttingupwalls.bmp
[2013/01/08 18:43:45 | 000,001,408 | ---- | C] () -- C:\Users\imadreamer2\Desktop\bills2013 - Shortcut.lnk
[2013/01/08 18:20:50 | 000,001,489 | ---- | C] () -- C:\Users\imadreamer2\Desktop\checkregister 2013 - Shortcut.lnk
[2013/01/02 12:54:59 | 000,274,158 | ---- | C] () -- C:\Users\imadreamer2\Desktop\bricksgift.bmp
[2012/06/16 17:19:27 | 000,007,600 | ---- | C] () -- C:\Users\imadreamer2\AppData\Local\Resmon.ResmonCfg
[2011/12/13 20:48:21 | 000,000,277 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/12/13 20:44:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/12/02 22:11:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/02 19:17:18 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/30 17:34:12 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\Foxit Software
[2011/12/02 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\OEM
[2012/05/22 15:58:32 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\QuickScan
[2012/10/22 11:51:11 | 000,000,000 | ---D | M] -- C:\Users\imadreamer2\AppData\Roaming\SanDisk

========== Purity Check ==========



< End of report >
Where oh where is it.

dupe...

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  ---

  :OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

  ---

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


==============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

Don't know how I got the double post but I think it must have been when I did not hit post and went to try and find the Extras.txt. But it did not look like it took. Sorry.

I took care of it.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: imadreamer2
->Temp folder emptied: 13712739 bytes
->Temporary Internet Files folder emptied: 436987796 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 67617523 bytes
->Google Chrome cache emptied: 7858414 bytes
->Flash cache emptied: 5158082 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8320 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 210106344 bytes

Total Files Cleaned = 707.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: imadreamer2
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: imadreamer2
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01312013_212144

Files\Folders moved on Reboot...
C:\Users\imadreamer2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Mozilla Firefox (18.0.1)
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

This download was the hardest to understand what to do and which to click.
Farbar Service Scanner Version: 30-01-2013
Ran by imadreamer2 (administrator) on 31-01-2013 at 21:38:33
Running from "C:\Users\imadreamer2\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ESET no threats