Amonetize.InstallPath



jfaulkner5
2013-12-29, 21:28
Can anyone tell me what this is and how to remove it? Thanks in advance.

ken545
2013-12-29, 22:25


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR

Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)








Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

jfaulkner5
2013-12-29, 23:09
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Vern at 16:55:35 on 2013-12-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8062.2584 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe
C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Vern\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: Cox Toolbar: {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Cox Toolbar: {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe"
uRun: [8E134342D67168CDB6EDF95A3F758C3F2CEF6F34._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Lync] "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [PCShowServer] C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Google Update] "C:\Users\Vern\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
uRun: [Amazon Cloud Player] "C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
StartupFolder: C:\Users\Vern\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{073BF507-962F-4901-B6B8-EC2EECDCA61A} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{90B26BA0-59D5-4DED-963A-15A6695C9CEE} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{DE6B77B2-01E7-41B9-82E3-82F1E5A55FE8} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Samsung Link] "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vern\AppData\Roaming\Mozilla\Firefox\Profiles\xorm35n8.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll
FF - plugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPluginUACElevator.dll
FF - plugin: C:\Users\Vern\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Vern\AppData\Local\NDS\PCShow\npPlayerPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-20 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [2013-10-11 404360]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-7-29 109184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-20 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-29 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-1-29 1907896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-12-10 605768]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-5 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-5 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-5 171928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-20 1695040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-20 363800]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-11-2 270704]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-20 73728]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-21 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-20 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-20 788760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-21 565352]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2013-3-5 29184]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;C:\Windows\System32\drivers\lgandnetdiag264.sys [2013-3-5 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2013-3-5 36352]
S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-29 19:36:52 -------- d-----w- C:\Users\Vern\AppData\Roaming\com.bby.cinemanowplayer
2013-12-29 19:36:50 -------- d-----w- C:\Program Files (x86)\CinemaNow Player
2013-12-29 06:45:40 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13635F76-3996-4D01-B548-6C0BDCD99B8A}\offreg.dll
2013-12-29 06:45:05 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13635F76-3996-4D01-B548-6C0BDCD99B8A}\mpengine.dll
2013-12-29 02:29:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-27 19:36:19 -------- d-----w- C:\Users\Vern\AppData\Local\Amazon Cloud Player
2013-12-27 17:21:11 -------- d-----w- C:\Users\Vern\AppData\Local\{E8181E00-4169-4E02-A05E-607F45E17B3F}
2013-12-26 20:42:38 -------- d-----w- C:\Program Files\Western Digital
2013-12-26 18:49:20 -------- d-----w- C:\Users\Vern\AppData\Local\{6C1A0262-4B7E-4E13-82C4-FEE3BE4AFE79}
2013-12-17 20:47:31 -------- d-----w- C:\Program Files (x86)\MarkAny
2013-12-15 13:06:06 -------- d-----w- C:\Users\Vern\AppData\Local\{83C550FF-C7F4-485A-9661-EA644F8C7E14}
2013-12-11 08:02:57 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 08:02:57 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 08:02:56 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 08:02:56 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 06:26:36 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-10 17:31:05 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-12-10 17:30:26 -------- d-----w- C:\Users\Vern\Samsung Link
2013-12-10 17:28:19 -------- d-----w- C:\Upload
2013-12-10 17:28:00 -------- d-----w- C:\Users\Vern\.swt
2013-12-10 17:27:37 -------- d-----w- C:\Program Files\Samsung
2013-12-10 16:28:45 -------- d-----w- C:\Users\Vern\AppData\Local\Samsung
2013-12-10 16:28:43 -------- d-----w- C:\Users\Vern\AppData\Roaming\Samsung
2013-12-10 16:27:31 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2013-12-10 16:26:31 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-12-10 16:26:27 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-12-10 16:25:24 -------- d-----w- C:\ProgramData\Samsung
2013-12-10 16:25:24 -------- d-----w- C:\Program Files (x86)\Samsung
2013-12-07 21:51:39 -------- d-----w- C:\Users\Vern\AppData\Local\{08A696EA-5390-457D-9D2D-55AC308BBFB9}
2013-12-06 07:02:53 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-12-06 07:02:53 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D435D12D-5CF8-407A-A9A7-A25A9D74D520}\gapaengine.dll
.
==================== Find3M ====================
.
2013-12-10 20:20:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:20:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 17:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2013-10-30 17:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
2013-10-30 17:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-28 06:12:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-10-28 06:12:10 107288 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-10-25 22:14:23 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-17 09:22:40 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-10-17 09:22:40 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-10-17 07:54:34 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-10-17 07:54:34 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-10-01 15:09:18 30720 ----a-w- C:\Windows\System32\MediaDB64.dll
2013-10-01 15:09:02 908800 ----a-w- C:\Windows\System32\ContentDirectoryPresenter64.dll
2013-10-01 14:46:40 25600 ----a-w- C:\Windows\SysWow64\MediaDB.dll
2013-10-01 14:11:08 706560 ----a-w- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
.
============= FINISH: 16:55:58.33 ===============

jfaulkner5
2013-12-29, 23:14
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-29 17:10:52
-----------------------------
17:10:52.396 OS Version: Windows x64 6.1.7601 Service Pack 1
17:10:52.396 Number of processors: 4 586 0x2A07
17:10:52.396 ComputerName: FAULKNER-PC UserName: Vern
17:10:53.925 Initialize success
17:11:05.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:11:05.371 Disk 0 Vendor: ST2000DM CC4G Size: 1907729MB BusType: 3
17:11:05.434 Disk 0 MBR read successfully
17:11:05.434 Disk 0 MBR scan
17:11:05.434 Disk 0 Windows VISTA default MBR code
17:11:05.449 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
17:11:05.449 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
17:11:05.449 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1895146 MB offset 25767936
17:11:05.480 Disk 0 scanning C:\Windows\system32\drivers
17:11:10.566 Service scanning
17:11:23.327 Modules scanning
17:11:23.327 Disk 0 trace - called modules:
17:11:23.343 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:11:23.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099fd060]
17:11:23.857 3 CLASSPNP.SYS[fffff88001c8043f] -> nt!IofCallDriver -> [0xfffffa8007168e40]
17:11:23.857 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800716b050]
17:11:23.857 Scan finished successfully
17:11:46.493 Disk 0 MBR has been saved successfully to "C:\Users\Vern\Desktop\MBR.dat"
17:11:46.493 The log file has been saved successfully to "C:\Users\Vern\Desktop\aswMBR.txt"

ken545
2013-12-29, 23:53
Hi,

We're going to do some general cleanup, looking at a bad proxy server.

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.





Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

jfaulkner5
2013-12-30, 00:32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Vern on Sun 12/29/2013 at 18:22:26.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AEDB69D2-4CC1-43D8-B04C-B71036E35BD1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Vern\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Vern\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Vern\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Vern\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Vern\AppData\Roaming\mozilla\firefox\profiles\xorm35n8.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/29/2013 at 18:27:09.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jfaulkner5
2013-12-30, 00:44
# AdwCleaner v3.016 - Report created 29/12/2013 at 18:41:08
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vern - FAULKNER-PC
# Running from : C:\Users\Vern\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Vern\AppData\Roaming\Mozilla\Firefox\Profiles\xorm35n8.default\user.js
Folder Found : C:\Users\Vern\AppData\Roaming\Mozilla\Firefox\Profiles\xorm35n8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found C:\ProgramData\WeCareReminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : HKLM\Software\BetterSurf
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Vern\AppData\Roaming\Mozilla\Firefox\Profiles\xorm35n8.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5138 octets] - [29/12/2013 18:41:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5198 octets] ##########

ken545
2013-12-30, 01:48
No problem helping you, my pleasure :)

We're going to run AdwCleaner again; this time we are going to use the Clean feature.

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.






Then run Malwarebytes

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

jfaulkner5
2013-12-30, 02:18
# AdwCleaner v3.016 - Report created 29/12/2013 at 19:59:49
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Vern - FAULKNER-PC
# Running from : C:\Users\Vern\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0NT5NQ0T\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Vern\AppData\Roaming\Mozilla\Firefox\Profiles\xorm35n8.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5306 octets] - [29/12/2013 18:41:08]
AdwCleaner[R1].txt - [1074 octets] - [29/12/2013 19:59:00]
AdwCleaner[S0].txt - [4551 octets] - [29/12/2013 18:59:16]
AdwCleaner[S1].txt - [997 octets] - [29/12/2013 19:59:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1056 octets] ##########



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Vern :: FAULKNER-PC [administrator]

12/29/2013 8:08:06 PM
mbam-log-2013-12-29 (20-08-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237996
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Vern\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Delete on reboot.

Registry Keys Detected: 7
HKCR\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCR\Interface\{96B4DEA0-F89C-475C-8124-B247260B7CB5} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74443DB-5A88-4583-860A-F0D06EF399E3} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Vern\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Delete on reboot.

Files Detected: 7
C:\Users\Vern\Downloads\7zip_14315_2210.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Vern\Local Settings\Temporary Internet Files\Content.IE5\W0LL6BBI\getUpdateZip4.1.25[1].zip (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\Vern\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Vern\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Delete on reboot.
C:\Users\Vern\AppData\Local\ArcadeParlor\broker.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Vern\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\Vern\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

(end)

ken545
2013-12-30, 02:24
When you ran AdwCleaner, did you check it all to be cleaned? If not, run it again please and make sure all is checked.


OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

jfaulkner5
2013-12-30, 02:27
Yes, I have run it twice and checked all both times; see reports attached. I think maybe I jumped the gun when I ran the cleaner the first time.

ken545
2013-12-30, 11:04
Good Morning,

OK, let's see the OTL logs.

jfaulkner5
2013-12-30, 23:30
OTL logfile created on: 12/30/2013 10:46:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vern\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 39.96% Memory free
15.74 Gb Paging File | 10.35 Gb Available in Paging File | 65.72% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.73 Gb Total Space | 1458.37 Gb Free Space | 78.80% Space Free | Partition Type: NTFS

Computer Name: FAULKNER-PC | User Name: Vern | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vern\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Link\utils\SocketTranscoder.exe ()
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe (NDS Technologies)
PRC - C:\Users\Vern\AppData\Local\NDS\PCShow\NDSPCShowServer.exe ()
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
PRC - C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_ssl.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._gdi_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\pywintypes27.dll ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_multiprocessing.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._windows_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_hashlib.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._html2.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32process.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32pipe.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_ctypes.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32pdh.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._controls_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\unicodedata.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\pyexpat.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32file.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32security.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32inet.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32event.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32profile.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\select.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._core_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\pythoncom27.dll ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32com.shell.shell.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_elementtree.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32api.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\_socket.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32ts.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._misc_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\wx._wizard.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI51402\win32crypt.pyd ()
MOD - C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\z.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\ndsLogStore.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\libxml2-2.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\libgstreamer-0.10.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\gsttspplugin.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\NDSPCShowServer.exe ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\DrmSingleton.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (Samsung Link Service) -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (CxUtilSvc) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CXPLRCAP) -- C:\Windows\SysNative\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}
IE:64bit: - HKLM\..\SearchScopes\{2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Vern\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vern\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vern\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Vern\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/09/10 19:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/29 18:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vern\AppData\Roaming\mozilla\Extensions
[2013/12/29 18:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions
[2013/12/27 12:05:51 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2013/12/29 18:35:14 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/11/17 11:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/17 11:40:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: ArcadeParlor = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej\1.0.0_0\
CHR - Extension: Google Docs = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1210.0.6_0\
CHR - Extension: Google Search = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Hola Better Internet = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.258_0\
CHR - Extension: avast! Online Security = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: We-Care Reminder = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38\
CHR - Extension: Earth = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.6_0\
CHR - Extension: Google Play = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Fireplace = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjnhkmdlhpjalapikmdocokkigmhimo\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Cox Toolbar) - {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll ()
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Cox Toolbar) - {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Copyright 2013 SAMSUNG)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [8E134342D67168CDB6EDF95A3F758C3F2CEF6F34._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service File not found
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Akamai NetSession Interface] C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Amazon Cloud Player] C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [PCShowServer] C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{073BF507-962F-4901-B6B8-EC2EECDCA61A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90B26BA0-59D5-4DED-963A-15A6695C9CEE}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE6B77B2-01E7-41B9-82E3-82F1E5A55FE8}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c3490e2-de87-11e2-81d1-d4bed9d4fdd9}\Shell - "" = AutoRun
O33 - MountPoints2\{4c3490e2-de87-11e2-81d1-d4bed9d4fdd9}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{7c15ca8b-5925-11e2-b1ca-d4bed9d4fdd9}\Shell - "" = AutoRun
O33 - MountPoints2\{7c15ca8b-5925-11e2-b1ca-d4bed9d4fdd9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

jfaulkner5
2013-12-30, 23:31
========== Files/Folders - Created Within 30 Days ==========

[2013/12/30 10:44:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vern\Desktop\OTL.exe
[2013/12/29 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/29 20:07:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/29 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/29 18:41:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\modules
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css
[2013/12/29 18:35:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js
[2013/12/29 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2013/12/29 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/29 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/29 18:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/12/29 18:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/12/29 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/29 18:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/12/29 18:34:38 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\FileAssociationManager
[2013/12/29 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2013/12/29 18:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/29 18:34:35 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Yahoo!
[2013/12/29 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/12/29 18:22:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/29 14:36:52 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\com.bby.cinemanowplayer
[2013/12/29 14:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CinemaNow Player
[2013/12/27 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
[2013/12/27 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Local\Amazon Cloud Player
[2013/12/26 15:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/12/17 15:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013/12/13 10:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 03:02:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 03:02:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 03:02:56 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 03:02:55 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 03:01:44 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/11 03:01:44 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/11 03:01:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/11 03:01:43 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/11 03:01:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/11 03:01:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/11 03:01:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/11 03:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/11 03:01:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/11 03:01:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/11 03:01:42 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/11 03:01:42 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/11 03:01:42 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/11 03:01:41 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/11 03:01:41 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/11 03:01:38 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 01:26:36 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 01:26:36 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 01:26:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 01:26:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 01:26:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 01:26:30 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 01:26:30 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 01:26:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 01:26:30 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 01:26:30 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 01:26:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 01:26:30 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 01:26:30 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 12:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/12/10 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/12/10 12:30:26 | 000,000,000 | ---D | C] -- C:\Users\Vern\Samsung Link
[2013/12/10 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/12/10 12:28:19 | 000,000,000 | ---D | C] -- C:\Upload
[2013/12/10 12:28:00 | 000,000,000 | ---D | C] -- C:\Users\Vern\.swt
[2013/12/10 12:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/12/10 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/12/10 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/12/10 11:28:45 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Local\Samsung
[2013/12/10 11:28:43 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Samsung
[2013/12/10 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Vern\Documents\samsung
[2013/12/10 11:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/12/10 11:26:31 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013/12/10 11:26:27 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013/12/10 11:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/12/10 11:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

========== Files - Modified Within 30 Days ==========

[2013/12/30 10:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vern\Desktop\OTL.exe
[2013/12/30 10:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 10:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 10:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-290018582-107595803-2753680044-1000UA.job
[2013/12/30 08:17:00 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/30 07:26:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 01:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-290018582-107595803-2753680044-1000Core.job
[2013/12/29 20:30:33 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 20:30:33 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 20:27:33 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/29 20:27:33 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/29 20:27:33 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/29 20:21:09 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/12/29 20:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/29 20:19:46 | 2044,899,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 20:07:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 18:40:42 | 000,001,164 | ---- | M] () -- C:\Users\Vern\Desktop\AdwCleaner - Shortcut.lnk
[2013/12/29 17:11:46 | 000,000,512 | ---- | M] () -- C:\Users\Vern\Desktop\MBR.dat
[2013/12/29 17:03:56 | 000,003,023 | ---- | M] () -- C:\Users\Vern\Desktop\attach.zip
[2013/12/29 14:36:51 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\CinemaNow Player.lnk
[2013/12/27 14:36:26 | 000,001,210 | ---- | M] () -- C:\Users\Vern\Desktop\Amazon Cloud Player.lnk
[2013/12/23 11:17:51 | 000,002,324 | -H-- | M] () -- C:\Users\Vern\Documents\Default.rdp
[2013/12/23 11:10:09 | 000,226,036 | ---- | M] () -- C:\Users\Vern\Documents\Merry Christmas 2013.pdf
[2013/12/23 09:14:50 | 000,005,660 | ---- | M] () -- C:\Users\Vern\Documents\Christmas Card 2013.pdf
[2013/12/21 20:53:38 | 000,002,358 | ---- | M] () -- C:\Users\Vern\Desktop\Chrome App Launcher.lnk
[2013/12/17 15:49:05 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/12/14 07:08:52 | 003,536,690 | ---- | M] () -- C:\Users\Public\Documents\Jordan Graduation 12-14-13.fgc
[2013/12/11 03:20:15 | 000,488,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 15:20:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 15:20:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 15:08:20 | 000,007,605 | ---- | M] () -- C:\Users\Vern\AppData\Local\Resmon.ResmonCfg
[2013/12/10 11:28:41 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/10 11:26:35 | 000,002,028 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/12/10 11:26:35 | 000,002,018 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/12/07 11:03:26 | 006,040,022 | ---- | M] () -- C:\Users\Public\Documents\Victorias 18th birthday..fgc
[2013/12/04 19:02:28 | 000,002,368 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/04 19:02:28 | 000,002,366 | ---- | M] () -- C:\Users\Vern\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/12/29 20:07:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 18:40:42 | 000,001,164 | ---- | C] () -- C:\Users\Vern\Desktop\AdwCleaner - Shortcut.lnk
[2013/12/29 18:35:13 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/29 17:11:46 | 000,000,512 | ---- | C] () -- C:\Users\Vern\Desktop\MBR.dat
[2013/12/29 17:03:56 | 000,003,023 | ---- | C] () -- C:\Users\Vern\Desktop\attach.zip
[2013/12/29 14:36:51 | 000,000,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CinemaNow Player.lnk
[2013/12/29 14:36:51 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\CinemaNow Player.lnk
[2013/12/27 14:36:26 | 000,001,210 | ---- | C] () -- C:\Users\Vern\Desktop\Amazon Cloud Player.lnk
[2013/12/23 11:10:09 | 000,226,036 | ---- | C] () -- C:\Users\Vern\Documents\Merry Christmas 2013.pdf
[2013/12/23 09:14:50 | 000,005,660 | ---- | C] () -- C:\Users\Vern\Documents\Christmas Card 2013.pdf
[2013/12/21 20:53:37 | 000,002,358 | ---- | C] () -- C:\Users\Vern\Desktop\Chrome App Launcher.lnk
[2013/12/14 07:08:51 | 003,536,690 | ---- | C] () -- C:\Users\Public\Documents\Jordan Graduation 12-14-13.fgc
[2013/12/10 11:28:41 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/12/10 11:28:41 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/10 11:26:35 | 000,002,028 | ---- | C] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/12/10 11:26:35 | 000,002,018 | ---- | C] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/12/09 10:54:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/12/07 11:03:26 | 006,040,022 | ---- | C] () -- C:\Users\Public\Documents\Victorias 18th birthday..fgc
[2013/11/09 20:35:16 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/10/28 16:41:24 | 000,000,258 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/25 17:14:23 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/10/01 09:46:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/10/01 09:11:08 | 000,706,560 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/07/23 19:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/07/23 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/07/23 19:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/07/23 19:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/03/05 18:57:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/03/05 18:57:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/02/15 16:04:02 | 000,007,605 | ---- | C] () -- C:\Users\Vern\AppData\Local\Resmon.ResmonCfg
[2012/12/22 16:57:31 | 001,180,400 | ---- | C] () -- C:\Users\Vern\DellDigitalDelivery.Release.2.1.1000.0_ZPE.exe
[2012/12/22 16:57:10 | 043,269,904 | ---- | C] () -- C:\Users\Vern\Audio_Conexant_W74_A00_Setup-772CK_ZPE.exe
[2012/12/22 16:56:47 | 052,100,400 | ---- | C] () -- C:\Users\Vern\iMEI_Intel_W74_A00_Setup-P92RM_ZPE.exe
[2012/12/22 16:56:44 | 003,118,912 | ---- | C] () -- C:\Users\Vern\Chipset_Intel_WIN_A00_Setup-WTN9T_ZPE.exe
[2012/12/22 16:56:38 | 012,533,256 | ---- | C] () -- C:\Users\Vern\USB3_Intel_W7_A01_Setup-1H1P1_ZPE.exe
[2012/12/22 16:56:35 | 005,997,032 | ---- | C] () -- C:\Users\Vern\LOM_RealTek_W7_A00_Setup-K0X2P_ZPE.exe
[2012/12/22 16:56:19 | 033,924,240 | ---- | C] () -- C:\Users\Vern\DW1506_W7_A01_Setup-V5DYK_ZPE.exe
[2012/12/22 16:56:13 | 012,418,584 | ---- | C] () -- C:\Users\Vern\AHCI_Intel_W7_A01_Setup-GVVJD_ZPE.exe
[2012/12/22 16:55:00 | 158,923,064 | ---- | C] () -- C:\Users\Vern\Video_Intel_W74_A01_Setup-JYNR7_ZPE.exe
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/07/28 10:34:53 | 000,003,584 | ---- | C] () -- C:\Users\Vern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 00:23:48 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/07/21 00:23:45 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/07/21 00:23:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/29 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\AVAST Software
[2013/02/15 18:25:49 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Blio
[2013/12/29 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\com.bby.cinemanowplayer
[2013/12/29 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\FileAssociationManager
[2012/07/27 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Fingertapps
[2012/07/29 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\PCDr
[2013/12/17 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Samsung
[2012/07/27 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\SoftGrid Client
[2013/01/05 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\TeamViewer
[2012/07/27 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\TP
[2013/08/24 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >

jfaulkner5
2013-12-30, 23:33
OTL Extras logfile created on: 12/30/2013 10:46:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vern\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 3.15 Gb Available Physical Memory | 39.96% Memory free
15.74 Gb Paging File | 10.35 Gb Available in Paging File | 65.72% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.73 Gb Total Space | 1458.37 Gb Free Space | 78.80% Space Free | Partition Type: NTFS

Computer Name: FAULKNER-PC | User Name: Vern | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290DB09-AA29-46D6-A168-D8EF60D6F761}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{03841DF0-BEC9-48D3-BF40-C18728ED0827}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E18283A-10B4-4C65-871B-D5F2A7D5DEF0}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{0E3E5E18-99AA-4414-AB01-1005A9170C34}" = rport=445 | protocol=6 | dir=out | app=system |
"{101502CE-A712-4403-BA83-64F01DC3AA7E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1310D2A9-B9AC-4267-8D8C-1542B8E9A8B2}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{13FBA182-0CF5-48B0-AB37-046CDBC30F01}" = rport=139 | protocol=6 | dir=out | app=system |
"{1C22C2F9-FF0C-4BF6-9033-17A27837DE9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D4ED201-995A-4353-BA68-0C6AC8DF0E06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2932F1F2-DEF9-42B8-9F63-5BEAE5BBA277}" = lport=2869 | protocol=6 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29F5F47E-7E30-41C0-9D9E-C8D78472BBCE}" = rport=137 | protocol=17 | dir=out | app=system |
"{312B7687-A160-47B6-8F2A-86A3BBE99FB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{373C6776-703E-4FC5-A3B6-EC1232CAFE56}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{381A353F-C7E1-4956-B27C-E788DC2EA412}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{3BE357A2-1CAB-4086-B988-D2A0F2126445}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3C44CECC-70DD-47AA-8B24-BF3D564A34DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4033F9D7-4327-40D1-9353-D91E84B7CDC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B08AEBE-BA4C-4532-84A2-7C9B45906620}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58196517-CF3E-4563-8891-FC103BAA1FC4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5ADBE51E-B8FC-451C-840F-8F9310A8DDA4}" = lport=445 | protocol=6 | dir=in | app=system |
"{61B8BD42-90C9-4095-9245-74F81B5B2AF6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6629822B-35A0-442A-A5BD-5B56FB6AF988}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B02414C-B9F3-451A-88ED-A61803AD382E}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{6CC64D5C-5CA4-4E4D-BA92-73988771EF1E}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{73C36BB3-D18B-4BCE-85F7-812313A0651F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{74A42327-578B-4590-9AB9-61EEDFCB4B60}" = lport=1723 | protocol=6 | dir=in | app=system |
"{7CFBE50D-3626-4037-A724-928484E52F5E}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{7D28F46D-BF43-4CB8-914F-B982E78F67FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81A8D1E6-5272-45A4-8B7F-6CDCA3277E75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8494E466-9126-4495-82E5-7CB4F2156F6D}" = lport=139 | protocol=6 | dir=in | app=system |
"{85B1C0D9-4C82-4FFF-B7F4-4B16464D8B2C}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{892D1135-0E95-49A0-83F1-C125A7843B76}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{8AD7149D-7EC3-431A-9447-A50A90953CF5}" = rport=1701 | protocol=17 | dir=out | app=system |
"{919B9ABC-6B9F-4932-AAEB-49AB8B10BBC9}" = lport=5985 | protocol=6 | dir=in | app=system |
"{9DDAB23D-98BF-4ECD-98D4-663B15204CC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A33C12E3-438E-427A-B406-92E47BFDACA6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A463BDD9-5FD9-4DE4-A5E0-D3DA9B93F91E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A6E75175-C0C0-40B6-B81D-8D157571381D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ADB28C3B-B399-4AFB-B868-EFF0B1E19F2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFFE7B95-E983-46B2-AD01-4F60B53B48C4}" = lport=80 | protocol=6 | dir=in | app=system |
"{B309DD51-0F07-48E8-9DEF-9B1EC6543779}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{B5879339-B00D-4B93-8A00-C21E72D76B54}" = rport=138 | protocol=17 | dir=out | app=system |
"{B727CB1D-A2DD-498E-9A8A-FBDD1839BE0A}" = lport=1701 | protocol=17 | dir=in | app=system |
"{C38463AA-6138-4125-B8C5-CAD88621961F}" = rport=1723 | protocol=6 | dir=out | app=system |
"{C3A29C39-24E5-4FAE-9E4E-5FF0007113DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE3C9D0B-CD18-483A-8C9F-224E0CF3DF41}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{D5BE7BDD-865E-483E-90A5-BB203EA2D73C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D29E6B-7073-4977-BA52-42FD61B67037}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7513E67-571B-4E27-9EC5-D700AE8A0C58}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D87F9188-0752-4F6B-8295-AF6636623779}" = lport=137 | protocol=17 | dir=in | app=system |
"{DBC45F97-CC3F-403A-A810-882C8D5DF858}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD3EA85D-367C-48EB-9599-EBC92FCD8EFB}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DFE47861-614A-4F9A-93CE-BF9ED5D1A708}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6D0DBA4-BA59-4256-BB75-715D47358751}" = lport=138 | protocol=17 | dir=in | app=system |
"{E89C600E-D71D-4A81-9095-67E808836DF1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8A8667C-A708-4CBA-AC98-C1FE87869AEA}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{FEBB138A-0AE8-4911-9097-992C3689DB42}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{FED7EC6C-38AE-4D09-8F33-2F403E53D2F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FE153A-10EE-4FF3-A553-09F68A454E5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A73CE7B-3C00-4D3F-AA32-3BD726D6A810}" = protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{115F8895-7392-4E8C-99A9-639068619AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{13486E4B-9265-4741-8C11-CACE83CC2F64}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{139299B8-F2B5-4D1D-836E-45B38F6CDCF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14E1AD1D-F94A-4A63-A96A-A59339A6CEA6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19875119-92C4-410F-BA6B-E90DD7AC0EFD}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{1DEE1EAF-F8EF-4D12-9BCC-12E85C1A1897}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{1F876894-7666-4E37-8182-D29D24F3A279}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{203ADD8D-166D-4442-900C-95DF32593DDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20C42B2E-F585-4C8C-B37B-E75DB0CFA843}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{237FB23F-739C-4C68-A04E-092D9EC8ECAE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{271BE372-84B1-4185-97F0-FFAA8D9BC316}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2AABECEB-3A77-4CA8-B514-B19975CE3EB4}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2D95873E-0DE5-4299-8246-8E8B085CB528}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31E2F399-E8B4-4C13-9311-EFF9D65CB556}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{34BA1535-40CC-45FE-9249-5C29E9D12872}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{365BC6DB-3B20-4647-BA72-D0DB2DDBE28F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{367F99C5-DD0A-45A4-A631-3FDD2BD134C1}" = protocol=6 | dir=in | app=%systemroot%\system32\msra.exe |
"{38432C5E-12A2-4E7E-9C1A-4B74012280FA}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{38ABEB12-3865-424F-9FC9-26F22E0BA1C1}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{398AD1A6-4F86-49EE-8321-A0C3BD961498}" = protocol=6 | dir=out | app=system |
"{3AA30F2B-9236-4ED5-88FE-5CDBD99F346A}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{3B2836DC-1AAE-4104-A08F-21A56A61F09B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{49E856B4-4966-4413-8975-4F1F68F923D4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{508C6684-BC2F-43D7-B14C-86FFB607A1AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{513F6CC0-C0C7-4A7F-AAAD-D9FB75B73153}" = dir=in | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{535B7D36-FA86-4FDD-B1FA-3A50CD20421E}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{552AFE4E-5FC4-4484-8520-EAD05858A55D}" = protocol=47 | dir=in | app=system |
"{55612222-2432-4C13-A17E-8E60CB981E7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{577A7AF8-AA19-45DE-9662-6038BBAE0815}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.21\allshareframeworkdms.exe |
"{57D69B81-AE92-4C9B-8E19-15411F98C9EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{585B143E-335E-4048-8FA5-4FA6B4E5F510}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{595B17DB-58C1-402A-9978-317A7D1FEA9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60C9A71A-C6F4-4494-903E-C4B336C7DB87}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{677E0DBB-6AEB-401D-9B46-300DC5E24714}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{693E18F8-E4CD-40AE-B116-EFFC4EFFCA90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E19ED06-AA21-4836-9E8B-EF9ECB9BFD14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{707BDAB1-C450-4AB4-B047-5AB5A850C0F7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7EF5C95E-A2F7-4AE0-B08E-D71393A79E12}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{860E560B-A8B5-48AD-93BA-E89BFC5A1846}" = protocol=6 | dir=out | app=%systemroot%\system32\msra.exe |
"{8850539A-A6CD-4F82-A3E6-F789701D3007}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{89C57C9E-B488-4B73-858E-C9FAC3D6E80E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92048E27-36BC-497F-A4A5-6BD959956455}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{960A0F5D-7CAD-41E5-BED0-597C67E4766C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{9B3CBAD1-72F3-492E-980F-61B2602DFAB3}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{A79296FA-F4DA-4AA5-A111-D06A0584E8F6}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{A79CB089-F9C4-4736-8310-5FCC8D06F393}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A9A38862-3A25-414C-84BA-B05CAFD124CD}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare framework dms\1.3.21\allshareframeworkdms.exe |
"{A9C6FE1D-AFDC-4B6A-AE2D-6DC89263CBEF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AE360590-C2EE-4A3B-8B22-1F7A07E31EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B0D1B8B8-78DA-417A-938F-15905A9AFD8B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B14237B6-17DE-4B83-8283-1C7E36C712AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3D5AD75-34BB-4E41-A27C-A8D2C5B656DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B675551E-4A18-42A7-A21B-9353E283F812}" = protocol=17 | dir=in | app=c:\windows\system32\msra.exe |
"{B7C3FDC8-66BA-4A4F-B519-3AFCFD7B87ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B8807D10-8AEA-486A-A4A8-08F432D46141}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9B054B1-2F13-46AE-AB61-08D8641649FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE90A07D-394B-4DF6-9699-E5F4F0F8EC94}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C40D1CE0-C5AE-4F06-AF44-49B360C478B1}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{CC1E60EE-6609-4838-82F0-ED8C79485BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D374684B-5EAD-465B-8113-6C041155BA05}" = protocol=6 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D44E01B1-6CFE-4037-B95D-63B6DF3422A3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA406542-78B3-42F9-B662-37E02B8AF3C0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E1E6AF17-F76E-4CF0-8A93-4F74180F08D3}" = protocol=47 | dir=out | app=system |
"{E2C928EF-1E9A-4A45-A162-8BAFB3C9BFEC}" = dir=out | app=c:\program files\samsung\samsung link\samsung link tray agent.exe |
"{EBE45345-F0AB-4200-8A78-964AB3B9C1E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{EE121576-FC45-4BD0-A3FC-545EE2B6B6B0}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{F0D67278-F915-4DB3-A5ED-254A3B209674}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F398738E-6EA8-43CC-930E-5EB073E48F16}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{F4F8ED0C-35A0-44C9-97F8-CFC78D49CF09}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8A6D717-966E-4F17-87A1-6A186FC9A35E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FE833077-CAE1-476E-87BB-AD217C41BEBF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"TCP Query User{040DD4D5-189B-488B-8CE0-0A1397EC130B}C:\users\vern\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vern\appdata\local\akamai\netsession_win.exe |
"TCP Query User{04662279-2919-4EB3-9253-1566B149AA5F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{72CF9B56-36D9-4BA8-8AF9-0324DC8C9E0C}C:\users\vern\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vern\appdata\local\akamai\netsession_win.exe |
"UDP Query User{695826B4-1671-4259-B431-7E7EBED151C7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{CE993C34-F51D-43DE-BDF0-B09B250F20F3}C:\users\vern\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vern\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DA814696-3C1B-4055-9A70-660CA9064876}C:\users\vern\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vern\appdata\local\akamai\netsession_win.exe |

jfaulkner5
2013-12-30, 23:34
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}" = WD SmartWare
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF01E7C5-918C-4AAB-8099-2D4411E6E6F4}" = AllShare Framework DMS
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"8474-7877-9059-0204" = Samsung Link 1.7.0.1311052230
"CNXT_AUDIO_HDA" = Conexant SmartAudio HD
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}" = Dell Stage Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2762389E-0901-876D-FB4A-CE7B5A151639}" = CinemaNow Player
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{431E2654-B0A4-4140-82A2-DD55B028B626}" = Blio
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{49CC328B-AEB4-4B57-8E7E-4B437AC40B3B}" = Greeting Card Factory Deluxe
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{507B1304-194A-4204-A9D9-9BAAF51EF760}" = WD Quick View
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{801EA33B-91C5-4D48-8A59-B619BBFBF6EB}" = FeneVision Alternate Wizard Prerequisites
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{ba99df5b-3e46-419e-81e2-544352772fda}" = WD SmartWare Installer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}" = Cox TV Connect
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2274C6A-6B2F-42D5-A328-12E666D4CFEF}" = Greeting Card Factory Deluxe 9.0
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.bby.cinemanowplayer" = CinemaNow Player
"coxtoolbartb" = Cox Toolbar
"DMUninstaller" = DMUninstaller
"FileAssociationManager" = File Association Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AA107568-1B58-407E-9867-D51F71C9F446}" = Driver Install 64-Bit
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.1116
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp
"Akamai" = Akamai NetSession Interface
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2013 7:55:51 PM | Computer Name = Faulkner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file
specified. .

Error - 12/29/2013 7:57:31 PM | Computer Name = Faulkner-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary GEAR ASPI Filter Driver. System Error: The system cannot find the file
specified. .

Error - 12/29/2013 8:01:47 PM | Computer Name = Faulkner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2013 8:02:26 PM | Computer Name = Faulkner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MetaExtractor.exe, version: 1.8.0.0, time
stamp: 0x5271a6e3 Faulting module name: MetaExtractorDLL.dll, version: 0.0.0.0,
time stamp: 0x5271a6de Exception code: 0xc0000005 Fault offset: 0x00003bd6 Faulting
process id: 0x172c Faulting application start time: 0x01cf04f2694dd6bc Faulting application
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe Faulting module
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractorDLL.dll Report Id:
a9ef5734-70e5-11e3-9162-d4bed9d4fdd9

Error - 12/29/2013 8:54:40 PM | Computer Name = Faulkner-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 225c Start
Time: 01cf04f8e480df48 Termination Time: 15 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 12/29/2013 9:02:02 PM | Computer Name = Faulkner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2013 9:03:12 PM | Computer Name = Faulkner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MetaExtractor.exe, version: 1.8.0.0, time
stamp: 0x5271a6e3 Faulting module name: MetaExtractorDLL.dll, version: 0.0.0.0,
time stamp: 0x5271a6de Exception code: 0xc0000005 Fault offset: 0x00003bd6 Faulting
process id: 0x16a0 Faulting application start time: 0x01cf04fae763f648 Faulting application
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe Faulting module
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractorDLL.dll Report Id:
2744a74a-70ee-11e3-9842-d4bed9d4fdd9

Error - 12/29/2013 9:20:39 PM | Computer Name = Faulkner-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2013 9:21:23 PM | Computer Name = Faulkner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MetaExtractor.exe, version: 1.8.0.0, time
stamp: 0x5271a6e3 Faulting module name: MetaExtractorDLL.dll, version: 0.0.0.0,
time stamp: 0x5271a6de Exception code: 0xc0000005 Fault offset: 0x00003bd6 Faulting
process id: 0x1134 Faulting application start time: 0x01cf04fd70eb2f8d Faulting application
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe Faulting module
path: C:\Program Files\Samsung\Samsung Link\utils\MetaExtractorDLL.dll Report Id:
b18afa80-70f0-11e3-beff-d4bed9d4fdd9

[ System Events ]
Error - 12/29/2013 8:07:14 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 12/29/2013 9:01:44 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 12/29/2013 9:01:44 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 12/29/2013 9:02:29 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Updating Service service to connect.

Error - 12/29/2013 9:02:29 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Updating Service service failed to start due to the
following error: %%1053

Error - 12/29/2013 9:07:34 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 12/29/2013 9:25:42 PM | Computer Name = Faulkner-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

ken545
2013-12-31, 00:32
Hi :)

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O4 - HKLM..\Run: [] File not found

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

jfaulkner5
2013-12-31, 01:24
All processes killed
========== OTL ==========
HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Vern\Desktop\cmd.bat deleted successfully.
C:\Users\Vern\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Desktop Remote

User: Public

User: Vern
->Java cache emptied: 68361 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop Remote

User: Public

User: Vern
->Temp folder emptied: 3047386242 bytes
->Temporary Internet Files folder emptied: 1709465011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101557554 bytes
->Google Chrome cache emptied: 384193687 bytes
->Flash cache emptied: 62896 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 705891354 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,673.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12302013_191419

Files\Folders moved on Reboot...
File\Folder C:\Users\Vern\AppData\Local\Temp\hsperfdata_Vern\4352 not found!
C:\Users\Vern\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Vern\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_FAULKNER-PC$\1824 not found!
C:\Windows\temp\FireFly(201312292020084E0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201312292020074E0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201312292020094E0).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\temp\sqlite-3.7.2-sqlitejdbc.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

jfaulkner5
2013-12-31, 01:36
OTL logfile created on: 12/30/2013 7:26:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vern\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 64.13% Memory free
15.74 Gb Paging File | 12.29 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.73 Gb Total Space | 1462.90 Gb Free Space | 79.04% Space Free | Partition Type: NTFS

Computer Name: FAULKNER-PC | User Name: Vern | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vern\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe (Samsung)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe (NDS Technologies)
PRC - C:\Users\Vern\AppData\Local\NDS\PCShow\NDSPCShowServer.exe ()
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
PRC - C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_multiprocessing.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_ssl.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._windows_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._gdi_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_hashlib.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\pywintypes27.dll ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._html2.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32process.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32pipe.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_ctypes.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._controls_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32inet.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32pdh.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\unicodedata.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\pyexpat.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32event.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32profile.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\select.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32file.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32security.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_elementtree.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32api.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\_socket.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32com.shell.shell.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32ts.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._core_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._misc_.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\pythoncom27.dll ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\wx._wizard.pyd ()
MOD - C:\Users\Vern\AppData\Local\Temp\_MEI52922\win32crypt.pyd ()
MOD - C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\z.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\ndsLogStore.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\libxml2-2.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\libgstreamer-0.10.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\gsttspplugin.dll ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\NDSPCShowServer.exe ()
MOD - C:\Users\Vern\AppData\Local\NDS\PCShow\DrmSingleton.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (Samsung Link Service) -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AllShare Framework DMS) -- C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe (Samsung)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (CxUtilSvc) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (Conexant Systems, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (CXPLRCAP) -- C:\Windows\SysNative\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}
IE:64bit: - HKLM\..\SearchScopes\{2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F8D8C30-75B4-4284-BB40-8BE9DAF98B98}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-290018582-107595803-2753680044-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Vern\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vern\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vern\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Vern\AppData\Local\NDS\PCShow\npPlayerPlugin.dll (COX)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/09/10 19:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/12/29 18:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vern\AppData\Roaming\mozilla\Extensions
[2013/12/29 18:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions
[2013/12/27 12:05:51 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2013/12/29 18:35:14 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Vern\AppData\Roaming\mozilla\Firefox\Profiles\xorm35n8.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/11/17 11:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/17 11:40:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: ArcadeParlor = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej\1.0.0_0\
CHR - Extension: Google Docs = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1210.0.6_0\
CHR - Extension: Google Search = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Hola Better Internet = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.258_0\
CHR - Extension: avast! Online Security = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: We-Care Reminder = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.38\
CHR - Extension: Earth = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.6_0\
CHR - Extension: Google Play = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Fireplace = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjnhkmdlhpjalapikmdocokkigmhimo\0.0.0.1_0\
CHR - Extension: No name found = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Vern\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/30 19:14:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Cox Toolbar) - {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll ()
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Cox Toolbar) - {23C17F9A-C4AF-4701-9657-D384E3EE8958} - C:\Program Files (x86)\coxtoolbartb\CoxToolbarDx.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-290018582-107595803-2753680044-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Copyright 2013 SAMSUNG)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 9.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [8E134342D67168CDB6EDF95A3F758C3F2CEF6F34._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service File not found
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Akamai NetSession Interface] C:\Users\Vern\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Amazon Cloud Player] C:\Users\Vern\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [PCShowServer] C:\Users\Vern\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-290018582-107595803-2753680044-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{073BF507-962F-4901-B6B8-EC2EECDCA61A}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90B26BA0-59D5-4DED-963A-15A6695C9CEE}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE6B77B2-01E7-41B9-82E3-82F1E5A55FE8}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c3490e2-de87-11e2-81d1-d4bed9d4fdd9}\Shell - "" = AutoRun
O33 - MountPoints2\{4c3490e2-de87-11e2-81d1-d4bed9d4fdd9}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O33 - MountPoints2\{7c15ca8b-5925-11e2-b1ca-d4bed9d4fdd9}\Shell - "" = AutoRun
O33 - MountPoints2\{7c15ca8b-5925-11e2-b1ca-d4bed9d4fdd9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

jfaulkner5
2013-12-31, 01:37
========== Files/Folders - Created Within 30 Days ==========

[2013/12/30 19:14:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/30 10:44:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vern\Desktop\OTL.exe
[2013/12/29 20:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/29 20:07:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/29 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/29 18:41:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\modules
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html
[2013/12/29 18:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css
[2013/12/29 18:35:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js
[2013/12/29 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2013/12/29 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/29 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/29 18:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/12/29 18:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/12/29 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/29 18:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/12/29 18:34:38 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\FileAssociationManager
[2013/12/29 18:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2013/12/29 18:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/12/29 18:34:35 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Yahoo!
[2013/12/29 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/12/29 18:22:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/29 14:36:52 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\com.bby.cinemanowplayer
[2013/12/29 14:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CinemaNow Player
[2013/12/27 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
[2013/12/27 14:36:19 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Local\Amazon Cloud Player
[2013/12/26 15:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/12/17 15:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013/12/13 10:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/11 03:02:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 03:02:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 03:02:56 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 03:02:55 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 03:01:44 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/11 03:01:44 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/11 03:01:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/11 03:01:43 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/11 03:01:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/11 03:01:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/11 03:01:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/11 03:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/11 03:01:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/11 03:01:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/11 03:01:42 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/11 03:01:42 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/11 03:01:42 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/11 03:01:41 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/11 03:01:41 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/11 03:01:38 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 01:26:36 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 01:26:36 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 01:26:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 01:26:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 01:26:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 01:26:30 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 01:26:30 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 01:26:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 01:26:30 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 01:26:30 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 01:26:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 01:26:30 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 01:26:30 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 12:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013/12/10 12:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013/12/10 12:30:26 | 000,000,000 | ---D | C] -- C:\Users\Vern\Samsung Link
[2013/12/10 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/12/10 12:28:19 | 000,000,000 | ---D | C] -- C:\Upload
[2013/12/10 12:28:00 | 000,000,000 | ---D | C] -- C:\Users\Vern\.swt
[2013/12/10 12:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/12/10 11:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/12/10 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/12/10 11:28:45 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Local\Samsung
[2013/12/10 11:28:43 | 000,000,000 | ---D | C] -- C:\Users\Vern\AppData\Roaming\Samsung
[2013/12/10 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Vern\Documents\samsung
[2013/12/10 11:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/12/10 11:26:31 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013/12/10 11:26:27 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013/12/10 11:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/12/10 11:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

========== Files - Modified Within 30 Days ==========

[2013/12/30 19:28:12 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/30 19:28:12 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/30 19:28:12 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/30 19:26:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 19:21:51 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/12/30 19:21:26 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 19:20:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/30 19:20:29 | 2044,899,327 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/30 19:14:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/30 19:01:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-290018582-107595803-2753680044-1000UA.job
[2013/12/30 18:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 17:17:00 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/30 10:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vern\Desktop\OTL.exe
[2013/12/30 01:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-290018582-107595803-2753680044-1000Core.job
[2013/12/29 20:30:33 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 20:30:33 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 20:07:18 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 18:40:42 | 000,001,164 | ---- | M] () -- C:\Users\Vern\Desktop\AdwCleaner - Shortcut.lnk
[2013/12/29 17:11:46 | 000,000,512 | ---- | M] () -- C:\Users\Vern\Desktop\MBR.dat
[2013/12/29 17:03:56 | 000,003,023 | ---- | M] () -- C:\Users\Vern\Desktop\attach.zip
[2013/12/29 14:36:51 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\CinemaNow Player.lnk
[2013/12/27 14:36:26 | 000,001,210 | ---- | M] () -- C:\Users\Vern\Desktop\Amazon Cloud Player.lnk
[2013/12/23 11:17:51 | 000,002,324 | -H-- | M] () -- C:\Users\Vern\Documents\Default.rdp
[2013/12/23 11:10:09 | 000,226,036 | ---- | M] () -- C:\Users\Vern\Documents\Merry Christmas 2013.pdf
[2013/12/23 09:14:50 | 000,005,660 | ---- | M] () -- C:\Users\Vern\Documents\Christmas Card 2013.pdf
[2013/12/21 20:53:38 | 000,002,358 | ---- | M] () -- C:\Users\Vern\Desktop\Chrome App Launcher.lnk
[2013/12/17 15:49:05 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/12/14 07:08:52 | 003,536,690 | ---- | M] () -- C:\Users\Public\Documents\Jordan Graduation 12-14-13.fgc
[2013/12/11 03:20:15 | 000,488,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 15:20:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 15:20:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 15:08:20 | 000,007,605 | ---- | M] () -- C:\Users\Vern\AppData\Local\Resmon.ResmonCfg
[2013/12/10 11:28:41 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/10 11:26:35 | 000,002,028 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/12/10 11:26:35 | 000,002,018 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/12/07 11:03:26 | 006,040,022 | ---- | M] () -- C:\Users\Public\Documents\Victorias 18th birthday..fgc
[2013/12/04 19:02:28 | 000,002,368 | ---- | M] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/04 19:02:28 | 000,002,366 | ---- | M] () -- C:\Users\Vern\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/12/29 20:07:18 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 18:40:42 | 000,001,164 | ---- | C] () -- C:\Users\Vern\Desktop\AdwCleaner - Shortcut.lnk
[2013/12/29 18:35:13 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/29 17:11:46 | 000,000,512 | ---- | C] () -- C:\Users\Vern\Desktop\MBR.dat
[2013/12/29 17:03:56 | 000,003,023 | ---- | C] () -- C:\Users\Vern\Desktop\attach.zip
[2013/12/29 14:36:51 | 000,000,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CinemaNow Player.lnk
[2013/12/29 14:36:51 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\CinemaNow Player.lnk
[2013/12/27 14:36:26 | 000,001,210 | ---- | C] () -- C:\Users\Vern\Desktop\Amazon Cloud Player.lnk
[2013/12/23 11:10:09 | 000,226,036 | ---- | C] () -- C:\Users\Vern\Documents\Merry Christmas 2013.pdf
[2013/12/23 09:14:50 | 000,005,660 | ---- | C] () -- C:\Users\Vern\Documents\Christmas Card 2013.pdf
[2013/12/21 20:53:37 | 000,002,358 | ---- | C] () -- C:\Users\Vern\Desktop\Chrome App Launcher.lnk
[2013/12/14 07:08:51 | 003,536,690 | ---- | C] () -- C:\Users\Public\Documents\Jordan Graduation 12-14-13.fgc
[2013/12/10 11:28:41 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/12/10 11:28:41 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013/12/10 11:26:35 | 000,002,028 | ---- | C] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/12/10 11:26:35 | 000,002,018 | ---- | C] () -- C:\Users\Vern\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/12/09 10:54:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/12/07 11:03:26 | 006,040,022 | ---- | C] () -- C:\Users\Public\Documents\Victorias 18th birthday..fgc
[2013/11/09 20:35:16 | 000,000,034 | ---- | C] () -- C:\Windows\AvastEmUpdate.ini
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/10/28 16:41:24 | 000,000,258 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/25 17:14:23 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/10/01 09:46:40 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013/10/01 09:11:08 | 000,706,560 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013/07/23 19:18:54 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013/07/23 19:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013/07/23 19:18:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013/07/23 19:18:40 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2013/07/23 19:18:38 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013/03/05 18:57:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/03/05 18:57:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/02/15 16:04:02 | 000,007,605 | ---- | C] () -- C:\Users\Vern\AppData\Local\Resmon.ResmonCfg
[2012/12/22 16:57:31 | 001,180,400 | ---- | C] () -- C:\Users\Vern\DellDigitalDelivery.Release.2.1.1000.0_ZPE.exe
[2012/12/22 16:57:10 | 043,269,904 | ---- | C] () -- C:\Users\Vern\Audio_Conexant_W74_A00_Setup-772CK_ZPE.exe
[2012/12/22 16:56:47 | 052,100,400 | ---- | C] () -- C:\Users\Vern\iMEI_Intel_W74_A00_Setup-P92RM_ZPE.exe
[2012/12/22 16:56:44 | 003,118,912 | ---- | C] () -- C:\Users\Vern\Chipset_Intel_WIN_A00_Setup-WTN9T_ZPE.exe
[2012/12/22 16:56:38 | 012,533,256 | ---- | C] () -- C:\Users\Vern\USB3_Intel_W7_A01_Setup-1H1P1_ZPE.exe
[2012/12/22 16:56:35 | 005,997,032 | ---- | C] () -- C:\Users\Vern\LOM_RealTek_W7_A00_Setup-K0X2P_ZPE.exe
[2012/12/22 16:56:19 | 033,924,240 | ---- | C] () -- C:\Users\Vern\DW1506_W7_A01_Setup-V5DYK_ZPE.exe
[2012/12/22 16:56:13 | 012,418,584 | ---- | C] () -- C:\Users\Vern\AHCI_Intel_W7_A01_Setup-GVVJD_ZPE.exe
[2012/12/22 16:55:00 | 158,923,064 | ---- | C] () -- C:\Users\Vern\Video_Intel_W74_A01_Setup-JYNR7_ZPE.exe
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/07/28 10:34:53 | 000,003,584 | ---- | C] () -- C:\Users\Vern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 00:23:48 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/07/21 00:23:45 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/07/21 00:23:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/29 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\AVAST Software
[2013/02/15 18:25:49 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Blio
[2013/12/29 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\com.bby.cinemanowplayer
[2013/12/29 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\FileAssociationManager
[2012/07/27 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Fingertapps
[2012/07/29 08:56:30 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\PCDr
[2013/12/17 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\Samsung
[2012/07/27 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\SoftGrid Client
[2013/01/05 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\TeamViewer
[2012/07/27 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\TP
[2013/08/24 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\Vern\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >

ken545
2013-12-31, 02:06
Looking good, how is your system behaving now?

jfaulkner5
2013-12-31, 02:20
My system seems to run quicker and smoother, you have really helped me out and I truly appreciate it!

ken545
2013-12-31, 02:41
That's nice to hear, glad we could help :)

We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java icon (looks like a little coffee cup), click on About, and you should have Version 7 Update 45; if not, proceed with the instructions.

Go to the Update tab and update it.
Important: during the upgrade, UNCHECK ASK TOOLBAR (you do not need or want this).

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)





Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

jfaulkner5
2013-12-31, 14:06
Have a Happy New Year!

ken545
2013-12-31, 16:59
You're very welcome

Happy New Year to you and your family also

Take Care,

Ken :)

ken545
2014-01-03, 01:22
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.