Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware all over screen


  • This topic is locked This topic is locked

#1
desperate96

desperate96

    New Member

  • Member
  • Pip
  • 8 posts
I am having issues with adware popping up on multiple hyperlinks and all over my screen. Also a Yahoo Search box keeps popping up telling me I have updated my search engine and if I want to keep the changes.




Here are my reports...




OTL logfile created on: 3/16/2014 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\IE\6HO6F7H6
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.62% Memory free
9.25 Gb Paging File | 7.22 Gb Available in Paging File | 78.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.86 Gb Total Space | 1252.01 Gb Free Space | 90.47% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.58 Gb Free Space | 11.90% Space Free | Partition Type: NTFS

Computer Name: JOSHUA-HP | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/16 19:17:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\IE\6HO6F7H6\OTL.exe
PRC - [2014/03/12 21:04:24 | 000,958,536 | ---- | M] (InstallX, LLC) -- C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe
PRC - [2014/01/21 12:14:36 | 001,816,672 | ---- | M] (We-Care.com) -- C:\ProgramData\WeCareReminder\ReminderHelper.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/06 13:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/11/06 13:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 13:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/10/27 12:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 06:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/12 21:00:43 | 000,188,328 | ---- | M] () -- C:\Users\Joshua\AppData\Local\ArcadeParlor\Arcadeparlor.dll
MOD - [2014/02/18 10:17:48 | 000,086,800 | ---- | M] () -- C:\Program Files (x86)\SavingsBull\IEOptimizer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/27 15:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/11/27 10:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 04:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 23:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 22:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/21 20:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 03:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/21 00:38:15 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/21 00:34:45 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/08/31 05:00:10 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 14:11:18 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 14:11:17 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/03/03 10:15:57 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/27 12:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 06:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/31 04:25:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/07/25 21:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 21:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/21 16:52:12 | 000,108,336 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_740_28091.SYS -- (NEOFLTR_740_28091)
DRV:64bit: - [2013/11/10 21:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 06:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 19:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/30 19:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/30 19:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/30 19:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/27 12:12:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 21:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/27 05:53:50 | 000,034,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LcUvcUpper.sys -- (LcUvcUpper)
DRV:64bit: - [2013/09/21 07:10:51 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/17 04:18:30 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/14 09:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 14:11:19 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 14:11:18 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 14:11:12 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 14:11:12 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/20 23:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 23:31:40 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 14:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV - [2012/07/13 19:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD AF 1A 60 5F 3E CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{92E51875-EE85-48DB-88F6-D6527C734116}: "URL" = http://search.yahoo....11,20028,0,31,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20140311,20030,0,31,0"
FF - prefs.js..keyword.URL: "http://search.yahoo....1,20030,0,31,0"
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...1,20031,0,31,0"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/03/12 21:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Extensions
[2014/03/13 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions
[2014/03/12 21:03:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/03/12 21:00:43 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2014/03/13 20:22:55 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\SavingsBull@jetpack
[2014/03/12 21:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\staged
[2014/03/03 10:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/03 10:15:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Joshua\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [InstallX Search Protect for Yahoo] C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (InstallX, LLC)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/...tupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E39B0B6-B0CB-4919-B915-23AFBFF19691}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91DA47A5-FFDA-4CF2-BBE0-34F34016405A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fbb30ed8-5523-11e3-824b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb30ed8-5523-11e3-824b-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/16 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Malwarebytes
[2014/03/16 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/13 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SavingsBull
[2014/03/13 20:22:42 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/13 16:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBull
[2014/03/12 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo
[2014/03/12 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/03/12 21:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/03/12 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2014/03/12 21:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/03/12 21:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Yahoo!
[2014/03/12 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/03/12 21:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/03/12 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/03/12 21:00:40 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\ArcadeParlor
[2014/03/09 12:06:43 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\NVIDIA
[2014/03/09 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2014/03/03 10:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/03 09:47:28 | 000,108,336 | ---- | C] (Juniper Networks) -- C:\WINDOWS\SysNative\drivers\NEOFLTR_740_28091.SYS
[2014/03/03 09:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2014/03/03 09:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/03 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/03 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Juniper Networks
[2014/03/03 09:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2014/03/16 18:59:34 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ArcadeParlor.job
[2014/03/16 18:46:22 | 000,955,428 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/16 18:46:22 | 000,795,720 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/16 18:46:22 | 000,159,922 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/16 18:21:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/16 10:21:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/16 10:21:12 | 2576,375,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/12 17:46:26 | 000,486,176 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/03 17:55:28 | 000,002,276 | -H-- | M] () -- C:\Users\Joshua\Documents\Default.rdp
[2014/03/03 09:47:24 | 000,000,018 | ---- | M] () -- C:\pending.un

========== Files Created - No Company Name ==========

[2014/03/12 21:00:40 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ArcadeParlor.job
[2014/03/11 16:22:57 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/03/03 09:43:42 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/03 09:43:42 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/03 09:43:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/03/03 09:43:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2013/10/30 15:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/10/30 15:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/10/30 15:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 15:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 15:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/24 21:29:07 | 000,000,000 | ---- | C] () -- C:\Users\Joshua\defogger_reenable
[2011/12/05 20:04:08 | 000,002,049 | ---- | C] () -- C:\Users\Joshua\The Sith Lords.lnk
[2011/11/29 20:45:51 | 000,001,984 | ---- | C] () -- C:\Users\Joshua\Star Wars Knights of the Old Republic.lnk
[2011/11/29 14:11:09 | 000,000,919 | ---- | C] () -- C:\Users\Joshua\Ventrilo.lnk

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 06:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 03:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/16 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2013/11/26 08:15:58 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\com.vudu.air.Downloader
[2013/11/24 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\e-academy Inc
[2014/03/12 21:04:33 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo
[2013/12/19 07:24:59 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\JetBrains
[2013/12/13 00:23:49 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Juniper Networks
[2013/11/25 08:34:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\LockLizard
[2013/12/19 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\NuGet
[2013/11/26 09:10:15 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Samsung

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Joshua\SkyDrive:ms-properties

< End of report >


OTL Extras logfile created on: 3/16/2014 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\IE\6HO6F7H6
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.62% Memory free
9.25 Gb Paging File | 7.22 Gb Available in Paging File | 78.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.86 Gb Total Space | 1252.01 Gb Free Space | 90.47% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.58 Gb Free Space | 11.90% Space Free | Partition Type: NTFS

Computer Name: JOSHUA-HP | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1199E43C-10E5-4BE7-AA01-4C1F77F13090}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E308B75-607D-4A1A-A8C4-6DC9276E508D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31ACBA66-080F-41D9-8D2B-BF59479424AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44BED119-8D57-4D75-8454-5D029FE25226}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47425027-F677-4760-8E81-3F85BECEF105}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4771AF42-D22A-4BEE-85B2-032E1C5D5981}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A5F9A67-227D-456C-A117-DB70E19D87EC}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{4B9C219E-77F3-4D93-BC94-074396F02335}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B259C21-4AE0-40A3-929D-E45E55221643}" = lport=10243 | protocol=6 | dir=in | app=system |
"{630508AB-3C75-4759-8A7C-50AAFD9B2BCC}" = lport=139 | protocol=6 | dir=in | app=system |
"{850459EF-EE2B-4F47-B22C-FC4ED2E2C350}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B801E9D-249A-4206-8424-D19009B86DCC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CE3365E-B35F-4787-99BB-EB4E0BC66278}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E7A68CE-2583-4E7F-BC60-2F86570C0863}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C22740E-0D05-4FF9-9BF2-E3D934F4C893}" = rport=139 | protocol=6 | dir=out | app=system |
"{A53F36F2-1E39-426C-BD50-1D89B43F8525}" = rport=138 | protocol=17 | dir=out | app=system |
"{A7C69EA8-019B-45F8-A75B-331EADF26CD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D98E1772-1ADC-443A-9348-74ED0F6662BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB190114-87D5-464D-918A-3DB70F031AA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF113F22-0688-4FAE-8991-F7BA46434C27}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC01FB36-6298-498E-A47E-40884C9230D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC226BBD-2B1B-4C5B-8358-F5EA7DDDAA91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0479FF1B-F353-4FAA-B3CE-132F9CF7A72F}" = dir=out | name=skype |
"{058349CC-3068-4867-BB0E-6A4F2E062737}" = dir=out | name=minion rush |
"{072A72C0-1781-4304-8751-AE7CC25FDCD9}" = dir=out | name=dragon's blade |
"{09264DB4-ED63-4EC6-A76C-0F1E2803326B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{09765165-719A-4F32-AD40-8801E765E211}" = dir=out | name=the espn app |
"{0E611C4D-066A-44FC-9F11-CF3622B2C1D4}" = dir=out | name=despicable me: minion rush |
"{150C951B-26FA-4349-8BC5-D41ABE60F6A8}" = dir=out | name=@{microsoft.zunevideo_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1D0F9BCE-FD68-47FA-8B03-8818088EA98B}" = dir=out | name=3d car race |
"{1EF9AA32-1153-4C54-951F-1E1D05870645}" = dir=out | name=google search |
"{23AEBE7D-2ED5-431A-88DB-7C5522995D53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{253F3514-AC43-428B-B41D-E091BDB0E88F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2874DB82-6543-4031-85B2-D76533A9FA6F}" = dir=out | name=project spark |
"{2D69D4F4-F9B0-45A6-B908-EC8DE3DD2ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2F25117E-9246-4A2D-B1B3-05440A12B38B}" = dir=in | name=despicable me: minion rush |
"{3DEC655E-CB68-4484-9BD4-E0053EC10B48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3E4DF899-FD6B-4F51-9A6E-8A05CAC262E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4116F824-5003-4CCB-964A-2E157DFBB479}" = dir=out | name=pinball fx2 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{48C1055A-6D76-4D16-BB08-00B30B9F2F1A}" = dir=out | name=soulcraft |
"{514C3688-4CAB-41BA-8217-D09612800954}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{5335C1FE-477F-43DD-81E2-294C9E80AE2C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56160830-7452-498A-9D73-E54BEF923803}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{5B9C2771-770A-43DE-BAFB-6C41ED316B32}" = dir=out | name=facebook |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5FE182BC-6770-464F-A02B-FF1F54A6BEAD}" = dir=out | name=the weather channel |
"{62FD637F-00F7-4C94-9D78-2A8B9AFDE287}" = dir=out | name=7 minute workout |
"{6800E97C-EC41-45E8-8547-1CB091E5152C}" = dir=in | name=pinball fx2 |
"{68639D58-E3AD-4DB6-8E8D-986EB37A0351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C63B061-A84A-46F0-AA81-C36252E94BB4}" = dir=in | name=skype |
"{6D3C5CF9-B912-4C02-AE2C-8C8AF7DC8555}" = protocol=6 | dir=out | app=system |
"{73092530-F2C6-4E88-8F52-3BB80D22E710}" = dir=out | name=call of duty ghosts |
"{77F8099E-79AE-4718-BDCE-44DEB9BD7E2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B1E13C1-CD29-4FF0-A6E7-D4ECF0CE5414}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{7B5C2AEC-4FC4-49FD-A0D7-17175C1D5FB0}" = protocol=1 | dir=out | [email protected],-28544 |
"{7E3A2956-0CB2-47C3-98D6-7BD151E7912C}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{81470CBF-7992-4372-BB5D-F3B7E6CFBE08}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{833D1D0C-E980-4FF3-822D-7F16D6A34642}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{8579CD63-28A2-41E3-8B33-6915D617DC5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85D3D907-56E3-4F93-87BC-E4A58E1055B3}" = dir=in | name=microsoft solitaire collection |
"{866C9AA9-13ED-4E12-842C-22D0D2C5467C}" = dir=out | name=green bay packers football |
"{8D0D6AE3-40A1-4C60-BAEE-E9581ED22FAB}" = dir=out | name=call of duty ghosts wallpaper (lockscreen) |
"{8D4BF631-45D1-4CFC-9A5E-A18EFB8FDC7D}" = dir=out | name=@{microsoft.bingdictionary_3.0.0.8_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingdictionary/resources/appdisplaynameinstore} |
"{9185DF80-B96D-4E48-A423-D1AF548AA92C}" = protocol=58 | dir=out | [email protected],-28546 |
"{94DC3DC3-A420-415E-A022-20E4DB1195E6}" = dir=out | name=pandora win 8 |
"{9B9155DF-63A5-444C-9876-95F85E34F3D6}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{9D886111-8FFB-44CE-8132-BB607B345095}" = dir=out | name=complete c programs |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A425882E-7FD6-48C4-85CA-52CB6349F6AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB162289-6320-46E4-A2B6-15F66CD400D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC4E968D-3F29-498A-9958-32B252CB8FEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF33D4C0-C788-4003-AC5A-08AF72A30950}" = dir=out | name=netflix |
"{B0B9E24C-8D3B-42F3-B15B-7D698F653DC5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B0F66E22-C373-48F8-A251-BABF2C02312D}" = dir=out | name=microsoft mahjong |
"{BE65488C-6466-4A7F-8C2D-8C87E8402AA6}" = dir=in | name=project spark |
"{BF57ED23-6DBF-4BF2-A45D-129FED7D8CCD}" = dir=in | name=taptiles |
"{C3B16F75-459C-44CF-ABDB-21DC420CAB41}" = dir=in | name=microsoft mahjong |
"{C5672372-2087-4E6B-BFE3-2F82A21B47BF}" = dir=out | name=fox news |
"{C6C78C4A-BBE9-439B-89EC-3D921E28F5BB}" = dir=out | name=c programming tutorial |
"{C7E1C8A9-FB30-4D1C-9896-633EDECB4229}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8B6B9EB-D222-4BBB-A5CF-FA2C9D9503D7}" = dir=in | name=the espn app |
"{D5334F77-A114-4302-AA2C-68F96333A6A8}" = dir=out | name=@{microsoft.zunemusic_2.2.767.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D8C5C33E-F14E-4A57-A3A9-29B9A843CF41}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DBC4CD8A-77BD-4F6F-9022-AD77245D84F2}" = dir=in | name=nfl mobile |
"{E2048CF7-45E8-4EDE-8B02-4565ACE4858B}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E311007D-6EBF-4FFA-8586-44D282F35488}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6C47894-B192-4D05-B03B-2B645BF11602}" = protocol=1 | dir=in | [email protected],-28543 |
"{E9088FD3-CA76-441D-A61E-4E0D714C699E}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EF692792-C566-4BDE-BC84-3852946816C8}" = dir=out | name=uno & friends |
"{EF9CA083-5C11-4B57-8DDE-4BA511141F8C}" = dir=out | name=microsoft solitaire collection |
"{F23A750D-22DD-44AC-9093-EE9747C6162D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6532E67-87B1-44CE-9771-4905202FFE55}" = protocol=58 | dir=in | [email protected],-28545 |
"{F6E00BE2-58CD-47D5-9491-F0F72E301F80}" = dir=out | name=taptiles |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F993A2C0-FDD8-4AC7-98EB-2E7C37989B9E}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{FC5F6687-078F-4899-9720-8640ED93D729}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{FD006B06-1096-4FA0-B3AC-C75BE185EBE3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE505F59-74AD-4057-B06E-75479193F8BF}" = dir=out | name=nfl mobile |
"{FE5370B9-5961-4E35-9AA0-B7BF7D600E03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29CB0841-82C4-458F-9B33-5BF20B12FBA6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B03CA1AA-2947-49DC-B653-687792F43098}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe |
"UDP Query User{316F9C65-6C75-4845-848A-36BB548E1E47}C:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe |
"UDP Query User{B4AA5523-AACD-4D00-B4F4-A1C6D591E0BA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.15.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Level Quality Watcher" = SavingsBull
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{0A1A1D48-DB23-443A-BC7B-49255D138020}" = Entity Framework Designer for Visual Studio 2012 - enu
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{16DD6E8B-E10B-4B6D-BC2D-B2BF631094F2}" = Microsoft Visual Studio 2012 Preparation
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20fc1ec7-3058-48d4-80f8-e1cfd52391c7}" = Microsoft Visual Studio Professional 2012
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{26B4D0E1-6F6D-48DF-8719-80276A259F7E}" = CWA Reminder by We-Care.com v4.1.26.3
"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{43A98407-46AE-AD13-427B-2D782DD27ABC}" = VUDU To Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{62DB820D-3F2D-4037-BA6A-6AFB0771EC8F}" = JetBrains ReSharper 8.0.2
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}" = SavingsBull
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DDDFCDBE-4F28-468F-A2AB-EAC7EC6818EF}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{91150000-0015-0000-0000-0000000FF1CE}" = Microsoft Access 2013
"{91150000-00A1-0000-0000-0000000FF1CE}" = Microsoft OneNote 2013
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}" = Secure Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"com.vudu.air.Downloader" = VUDU To Go
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.6.34
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office15.AccessR" = Microsoft Access 2013
"Office15.ONENOTER" = Microsoft OneNote 2013
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2014 12:28:12 PM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/9/2014 2:50:01 PM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/9/2014 2:51:09 PM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/12/2014 10:46:11 AM | Computer Name = Joshua-HP | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied.
.

Error - 3/12/2014 10:56:38 AM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/13/2014 9:22:57 PM | Computer Name = Joshua-HP | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.9600.16384, time
stamp: 0x52158c02 Faulting module name: ntdll.dll, version: 6.3.9600.16408, time
stamp: 0x523d45fa Exception code: 0xc0000005 Fault offset: 0x0009e7b5 Faulting process
id: 0xda4 Faulting application start time: 0x01cf3f23ed2cbf93 Faulting application
path: c:\Windows\syswow64\MsiExec.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report
Id: 2c3511dd-ab17-11e3-827a-643150451910 Faulting package full name: Faulting package-relative
application ID:

Error - 3/15/2014 6:43:53 PM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/15/2014 6:46:47 PM | Computer Name = Joshua-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\microsoft
visual studio 10.0\Common7\IDE\remote debugger\ia64\msvsmon.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/16/2014 8:03:17 PM | Computer Name = Joshua-HP | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.3.9600.16451, time stamp:
0x5270628e Exception code: 0xc0000005 Fault offset: 0x00015e39 Faulting process id:
0x1934 Faulting application start time: 0x01cf41743ee444b2 Faulting application path:
C:\Users\Joshua\Desktop\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\WINDOWS\SYSTEM32\OLEAUT32.dll Report Id: 8a70baae-ad67-11e3-827b-643150451910
Faulting
package full name: Faulting package-relative application ID:

Error - 3/16/2014 8:03:31 PM | Computer Name = Joshua-HP | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.75.0.1, time stamp:
0x511f8eb2 Faulting module name: OLEAUT32.dll, version: 6.3.9600.16451, time stamp:
0x5270628e Exception code: 0xc0000005 Fault offset: 0x00015e39 Faulting process id:
0x123c Faulting application start time: 0x01cf417452aa4af7 Faulting application path:
C:\Users\Joshua\Desktop\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
C:\WINDOWS\SYSTEM32\OLEAUT32.dll Report Id: 92e41b99-ad67-11e3-827b-643150451910
Faulting
package full name: Faulting package-relative application ID:

[ System Events ]
Error - 3/16/2014 4:35:00 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 3/16/2014 4:35:34 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 3/16/2014 4:35:34 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 3/16/2014 4:35:34 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 3/16/2014 6:09:50 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 3/16/2014 6:09:50 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 3/16/2014 6:09:50 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 3/16/2014 7:21:30 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 3/16/2014 7:21:30 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 3/16/2014 7:21:30 PM | Computer Name = Joshua-HP | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.


< End of report >
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hi! My name is zep516 and Welcome to Geekstogo
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Lets remove all of those programs listed below:
==> Click > Start > Control Panel > Programs & Features.

  • SavingsBull
  • CWA Reminder by We-Care.com v4.1.26.3
  • ArcadeParlor

Next

We need to do a fix to delete some files using OTL

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2014/01/27 15:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
[2014/03/13 20:22:55 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\SavingsBull@jetpack
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\Joshua\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O4 - HKCU..\Run: [InstallX Search Protect for Yahoo] C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe (InstallX, LLC)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/03/13 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SavingsBull
[2014/03/13 16:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBull
[2014/03/12 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2014/03/12 21:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2014/03/12 21:00:43 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2014/03/12 21:00:44 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/03/12 21:00:40 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\ArcadeParlor
[2014/03/12 21:00:40 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ArcadeParlor.job
[2014/03/12 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo
@Alternate Data Stream - 220 bytes -> C:\Users\Joshua\SkyDrive:ms-properties

:Files

ipconfig /flushdns /c
C:\Program Files\SavingsBull
C:\Program Files (x86)\SavingsBull

:Commands
[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Posted Image Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Please post the following logs in your next reply:

  • OTL Fix log located here--> C:\_OTL\Moved Files
  • OTL.txt After quick scan.
  • JRT.txt
  • AdwCleaner[S0].txt

Tell me what's still popping up and how things are.

Thanks
Joe :)
  • 0

#3
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Moved Files

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe moved successfully.
Folder C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\SavingsBull@jetpack\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
File C:\Program Files (x86)\SavingsBull\IEOptimizer.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
File C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ not found.
C:\Users\Joshua\AppData\Local\ArcadeParlor\Arcadeparlor.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\InstallX Search Protect for Yahoo deleted successfully.
C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Folder C:\Program Files (x86)\SavingsBull\ not found.
C:\Program Files\SavingsBull folder moved successfully.
Folder C:\ProgramData\WeCareReminder\ not found.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} folder moved successfully.
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor folder moved successfully.
C:\Users\Joshua\AppData\Local\ArcadeParlor folder moved successfully.
File C:\WINDOWS\tasks\ArcadeParlor.job not found.
C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo folder moved successfully.
Unable to delete ADS C:\Users\Joshua\SkyDrive:ms-properties .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Downloads\cmd.bat deleted successfully.
C:\Users\Joshua\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\SavingsBull not found.
File\Folder C:\Program Files (x86)\SavingsBull not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joshua
->Temp folder emptied: 341456107 bytes
->Temporary Internet Files folder emptied: 34588274 bytes
->Java cache emptied: 591970 bytes
->FireFox cache emptied: 28119757 bytes
->Flash cache emptied: 58072 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49064131 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 433.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03172014_211325

Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



-----------------------------------------------------------------------------------------------

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe moved successfully.
Folder C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\SavingsBull@jetpack\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}\ not found.
File C:\Program Files (x86)\SavingsBull\IEOptimizer.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
File C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745}\ not found.
C:\Users\Joshua\AppData\Local\ArcadeParlor\Arcadeparlor.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\InstallX Search Protect for Yahoo deleted successfully.
C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Folder C:\Program Files (x86)\SavingsBull\ not found.
C:\Program Files\SavingsBull folder moved successfully.
Folder C:\ProgramData\WeCareReminder\ not found.
C:\Program Files\Level Quality Watcher\v1.01 folder moved successfully.
C:\Program Files\Level Quality Watcher folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome folder moved successfully.
C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} folder moved successfully.
C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor folder moved successfully.
C:\Users\Joshua\AppData\Local\ArcadeParlor folder moved successfully.
File C:\WINDOWS\tasks\ArcadeParlor.job not found.
C:\Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo folder moved successfully.
Unable to delete ADS C:\Users\Joshua\SkyDrive:ms-properties .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joshua\Downloads\cmd.bat deleted successfully.
C:\Users\Joshua\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\SavingsBull not found.
File\Folder C:\Program Files (x86)\SavingsBull not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joshua
->Temp folder emptied: 341456107 bytes
->Temporary Internet Files folder emptied: 34588274 bytes
->Java cache emptied: 591970 bytes
->FireFox cache emptied: 28119757 bytes
->Flash cache emptied: 58072 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49064131 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 433.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03172014_211325

Files\Folders moved on Reboot...
C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
____________________________________________________________________________________________________


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 Pro x64
Ran by Joshua on Mon 03/17/2014 at 21:38:21.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/17/2014 at 21:41:41.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_____________________________________________________________________________________

# AdwCleaner v3.022 - Report created 17/03/2014 at 21:26:04
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Joshua - JOSHUA-HP
# Running from : C:\Users\Joshua\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\opsq8kbu.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\opsq8kbu.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\opsq8kbu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4130 octets] - [17/03/2014 21:23:32]
AdwCleaner[S0].txt - [4029 octets] - [17/03/2014 21:26:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4089 octets] ##########





Nothing is popping up at the moment, but I did see a InstallX popup window before I ran the last two scans.
  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

Two things I need you to do.

I see you have Malwarebytes installed, please run a "quick scan" with Malwarebytes, open Malwarebytes:

Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Next

After Malwarebytes has finished and you saved the log so you can post it to me:

Please open OTL again, this time do a Quick scan with OTL and post that log report. I'll look over the logs and see what is left.

In your next reply post:

  • Malwarebytes Quick scan log.
  • Fresh OTL Log

Thanks
Joe :)
  • 0

#5
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I can not find the malwarebytes log.

OTL logfile created on: 3/17/2014 10:46:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joshua\Downloads
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.36 Gb Available Physical Memory | 79.54% Memory free
9.25 Gb Paging File | 7.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.86 Gb Total Space | 1251.83 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.58 Gb Free Space | 11.90% Space Free | Partition Type: NTFS

Computer Name: JOSHUA-HP | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/06 13:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/11/06 13:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 13:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/10/27 12:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 06:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/04/24 19:52:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/27 10:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 04:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 23:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 22:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/30 19:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/21 20:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 03:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/21 00:38:15 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/21 00:34:45 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/08/31 05:00:10 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 14:11:18 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 14:11:17 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 04:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/03/03 10:15:57 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/27 12:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 06:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/31 04:25:30 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/25 21:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 21:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/21 16:52:12 | 000,108,336 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_740_28091.SYS -- (NEOFLTR_740_28091)
DRV:64bit: - [2013/11/10 21:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 06:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 19:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/30 19:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/30 19:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/30 19:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/27 12:12:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 21:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/27 05:53:50 | 000,034,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LcUvcUpper.sys -- (LcUvcUpper)
DRV:64bit: - [2013/09/21 07:10:51 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/17 04:18:30 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/14 09:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 14:11:19 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 14:11:18 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 14:11:12 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 14:11:12 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 07:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/20 23:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 23:31:40 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 14:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV - [2012/07/13 19:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD AF 1A 60 5F 3E CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{92E51875-EE85-48DB-88F6-D6527C734116}: "URL" = http://search.yahoo....11,20028,0,31,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20140311,20030,0,31,0"
FF - prefs.js..keyword.URL: "http://search.yahoo....1,20030,0,31,0"
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...1,20031,0,31,0"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/03/12 21:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Extensions
[2014/03/17 21:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\opsq8kbu.default\extensions
[2014/03/03 10:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/03 10:15:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/03/17 21:13:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/...tupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E39B0B6-B0CB-4919-B915-23AFBFF19691}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91DA47A5-FFDA-4CF2-BBE0-34F34016405A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fbb30ed8-5523-11e3-824b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb30ed8-5523-11e3-824b-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/17 22:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/17 22:31:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/03/17 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/17 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Programs
[2014/03/17 22:31:03 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joshua\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/17 21:38:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/17 21:38:00 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Joshua\Desktop\JRT.exe
[2014/03/17 21:22:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/17 21:13:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/17 20:46:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2014/03/16 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Malwarebytes
[2014/03/16 19:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/13 20:22:42 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/12 21:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/03/12 21:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/12 21:03:21 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Yahoo!
[2014/03/12 21:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/03/09 12:06:43 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\NVIDIA
[2014/03/09 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2014/03/03 10:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/03 09:47:28 | 000,108,336 | ---- | C] (Juniper Networks) -- C:\WINDOWS\SysNative\drivers\NEOFLTR_740_28091.SYS
[2014/03/03 09:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2014/03/03 09:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/03 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/03 09:37:02 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Local\Juniper Networks
[2014/03/03 09:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2014/03/17 22:44:48 | 000,955,428 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/17 22:44:48 | 000,795,720 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/17 22:44:48 | 000,159,922 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/17 22:42:20 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/17 22:40:16 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/17 22:40:14 | 2576,375,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 22:31:27 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/17 22:31:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joshua\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/17 21:38:00 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Joshua\Desktop\JRT.exe
[2014/03/17 21:32:59 | 000,024,597 | ---- | M] () -- C:\Users\Joshua\Desktop\junkware-removal-tool.htm
[2014/03/17 21:21:42 | 001,950,720 | ---- | M] () -- C:\Users\Joshua\Desktop\adwcleaner.exe
[2014/03/17 21:13:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014/03/12 17:46:26 | 000,486,176 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/03 17:55:28 | 000,002,276 | -H-- | M] () -- C:\Users\Joshua\Documents\Default.rdp
[2014/03/03 09:47:24 | 000,000,018 | ---- | M] () -- C:\pending.un

========== Files Created - No Company Name ==========

[2014/03/17 22:31:27 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/17 21:32:59 | 000,024,597 | ---- | C] () -- C:\Users\Joshua\Desktop\junkware-removal-tool.htm
[2014/03/17 21:21:42 | 001,950,720 | ---- | C] () -- C:\Users\Joshua\Desktop\adwcleaner.exe
[2014/03/11 16:22:57 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/03/03 09:43:42 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2014/03/03 09:43:42 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/03 09:43:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/03/03 09:43:15 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2013/10/30 15:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/10/30 15:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2013/10/30 15:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 15:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 15:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/04/24 21:29:07 | 000,000,000 | ---- | C] () -- C:\Users\Joshua\defogger_reenable
[2011/12/05 20:04:08 | 000,002,049 | ---- | C] () -- C:\Users\Joshua\The Sith Lords.lnk
[2011/11/29 20:45:51 | 000,001,984 | ---- | C] () -- C:\Users\Joshua\Star Wars Knights of the Old Republic.lnk
[2011/11/29 14:11:09 | 000,000,919 | ---- | C] () -- C:\Users\Joshua\Ventrilo.lnk

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 06:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 03:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/16 22:44:24 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2013/11/26 08:15:58 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\com.vudu.air.Downloader
[2013/11/24 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\e-academy Inc
[2013/12/19 07:24:59 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\JetBrains
[2013/12/13 00:23:49 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Juniper Networks
[2013/11/25 08:34:04 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\LockLizard
[2013/12/19 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\NuGet
[2013/11/26 09:10:15 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Samsung

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Joshua\SkyDrive:ms-properties

< End of report >
  • 0

#6
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes found 2 PUP files names 7-ZIP, that's all I can remember.
  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
You can find the Malwaerbytes log here--->C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

or

Just reopen Malwarebytes program and click on the Log tab at the top.

In the mean time let me review the new otl log.

Thanks
Joe :)
  • 0

#8
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Joshua :: JOSHUA-HP [administrator]

3/17/2014 10:32:15 PM
mbam-log-2014-03-17 (22-32-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245061
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Joshua\Downloads\7zip.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Joshua\Downloads\7zip_14371_stn2.exe (PUP.Optional.SafeInstall.A) -> Quarantined and deleted successfully.

(end)
  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Things are looking good !

One more scan to double check things, this scan may take a bit a time to run.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

How are things running now?

Thanks
Joe :)
  • 0

#10
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  • 0

#11
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
C:\temp\t.msi Win32/AdWare.Adpeak.B application
C:\Users\Joshua\Downloads\driversforfree-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Joshua\Downloads\musicnotesSuite.exe Win32/OpenCandy potentially unsafe application
C:\Windows.old\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\TBHostSupport\TBHostSupport.dll a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\_OTL\MovedFiles\03172014_211325\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe a variant of Win32/AdWare.Adpeak.D application
C:\_OTL\MovedFiles\03172014_211325\C_Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe a variant of Win64/Adware.Adpeak.C application
C:\_OTL\MovedFiles\03172014_211325\C_Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe probably a variant of Win32/InstallIQ.A potentially unwanted application
C:\_OTL\MovedFiles\03172014_211325\C_Users\Joshua\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip probably a variant of Win32/InstallIQ.A potentially unwanted application
  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello desperate96,

We are almost done, we will delete some files and then clean up the tools we used...

Next

We need to do a fix to delete some files that ESET found. Using OTL.

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    
    :Files
    
    C:\temp\t.msi 
    
    C:\Users\Joshua\Downloads\driversforfree-setup.exe
    
    C:\Users\Joshua\Downloads\musicnotesSuite.exe
    
    C:\Windows.old\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\TBHostSupport\TBHostSupport.dll
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.

In your next reply post:

The OTL Fix log located here --> C:\_OTL\Moved Files

Thanks
Joe :)
  • 0

#13
desperate96

desperate96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\temp\t.msi moved successfully.
C:\Users\Joshua\Downloads\driversforfree-setup.exe moved successfully.
C:\Users\Joshua\Downloads\musicnotesSuite.exe moved successfully.
C:\Windows.old\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.22.5.510_0\TBHostSupport\TBHostSupport.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joshua
->Temp folder emptied: 6280366 bytes
->Temporary Internet Files folder emptied: 23795604 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10768294 bytes
RecycleBin emptied: 793 bytes

Total Files Cleaned = 39.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03222014_103346

Files\Folders moved on Reboot...
File\Folder C:\Users\Joshua\AppData\Local\Temp\~DF126D90693D5A137F.TMP not found!
File\Folder C:\Users\Joshua\AppData\Local\Temp\~DF145FCB642E1BD8BB.TMP not found!
File\Folder C:\Users\Joshua\AppData\Local\Temp\~DF27483BF8C3CF3864.TMP not found!
File\Folder C:\Users\Joshua\AppData\Local\Temp\~DF49C6107DF62779EC.TMP not found!
File\Folder C:\Users\Joshua\AppData\Local\Temp\~DF8D6CCE05DD69C8C7.TMP not found!
C:\Users\Joshua\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello desperate96,

If no further issues remain lets clean up our tools.

Next

Since your log reports are clean and free of malware, lets clean up after ourselves.

OTL Clean-Up

Right click on the Posted Image icon on your desktop and choose Run as administrator to open the main window.

Next click on the Posted Image button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

Next

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Right click on the JRT Icon and select delete.
If there are any left over tools or logs on your computer please delete them now.

Next

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image

Last

I post this for everyone. There prevention steps


Turn On Automatic Updates:

To do that:

1. Click Start,click Run, type sysdm.cpl, and then press ENTER.

2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for "any" time of day. Remember, your computer must be on at the scheduled timefor updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are then downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that "you" can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Antispyware programs:

I would recommend the download and installation of the following program and the updating of it regularly:

WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Please read this great article by miekiemoes How to prevent Malware
and this great article by Tony Klein So How Did I Get Infected In First Place

Thanks
Joe :)
  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP