Security Scan reports:

CharmPeddler

CharmPeddler

New Member
Just going through the suggested scans from the sticky thread. Here are my results.

# AdwCleaner v3.020 - Report created 06/03/2014 at 21:08:02
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CharmPeddler - XPS-MEDIA
# Running from : C:\Users\CharmPeddler\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\driver-soft

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Users\CharmPeddler\AppData\Roaming\Mozilla\Firefox\Profiles\u75ink9z.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2304 octets] - [06/03/2014 20:59:11]
AdwCleaner[S0].txt - [2226 octets] - [06/03/2014 21:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2286 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by CharmPeddler on Thu 03/06/2014 at 23:40:37.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Emptied folder: C:\Users\CharmPeddler\AppData\Roaming\mozilla\firefox\profiles\u75ink9z.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 0:02:28.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please also post the OTL log (most important one) and MalwareBytes (if you ran it).
 
Yep, I'm doing them all. Just that the computer is in the babies room, and she was in there sleeping. so it takes a bit when i have to go in and out of the room.

Also, I know the stuff at the bottom of this list can cause issues for sure. But i'm hoping that these are all false positives. Am i correct in assuming that being on this list says "this COULD be an issue" and not necessarily "these are causing issues"?


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
CharmPeddler :: XPS-MEDIA [administrator]

Protection: Enabled

3/7/2014 12:22:30 AM
MBAM-log-2014-03-07 (08-24-11).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 649901
Time elapsed: 2 hour(s), 1 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
E:\# Software #\CAD\AutoDesk AutoCAD 2012\AutoDesk AutoCAD (64) (2012)(M)\Pony-Patch\X-Force_2012_x32.exe (PUP.RiskwareTool.CK) -> No action taken.
E:\# Software #\CAD\AutoDesk AutoCAD 2012\AutoDesk AutoCAD (64) (2012)(M)\Pony-Patch\X-Force_2012_x64.exe (Trojan.Agent.ck) -> No action taken.
E:\# Software #\OS Activators\Windows 7 one click actiator v2.1.5\Windows Loader\Windows Loader.exe (Hacktool.Agent) -> No action taken.
E:\# Software #\OS Activators\Windows 8 Pro Crack\Windows 8-Pro-Final crack\P8_v25.exe (Trojan.Dropper.SFX) -> No action taken.
E:\# Software #\OS Activators\Windows.7.Loader.v2.1.5.Daz-HD3D\Windows Genuine Loader\Windows Loader.exe (Hacktool.Agent) -> No action taken.
E:\Downloading\MS Office 13\New folder\KMSnano_10_TheWiz\Ax86.exe (Trojan.FakeMS) -> No action taken.
E:\Dropbox\PC Repair\Serial Validators\Windows Genuine Validator\Windows Loader.exe (Hacktool.Agent) -> No action taken.

(end)
 
Looks like you have been downloading software and trying to pirate it. Thats a big no no. Rerun malwarebytes and make sure those entries get removed.
 
OTL logfile created on: 3/7/2014 8:31:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CharmPeddler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.86% Memory free
6.50 Gb Paging File | 4.90 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.00 Gb Total Space | 19.62 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive E: | 623.54 Gb Total Space | 285.63 Gb Free Space | 45.81% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 115.68 Gb Free Space | 12.42% Space Free | Partition Type: NTFS

Computer Name: XPS-MEDIA | User Name: CharmPeddler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CharmPeddler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Users\CharmPeddler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Users\CharmPeddler\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\CharmPeddler\AppData\Roaming\Dropbox\bin\libcef.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (BcmBtRSupport) -- C:\Windows\SysNative\BtwRSupportService.exe (Broadcom Corporation.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETwLv64) -- C:\Windows\SysNative\drivers\NETwLv64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 4A D8 0F 96 0A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A6FA003-A952-43FB-8FB4-F219144D97C1}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.deviantart.com/"
FF - prefs.js..extensions.enabledAddons: jumpstart%40mihailo.lalevic:0.5a5.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\CharmPeddler\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\CharmPeddler\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\CharmPeddler\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CharmPeddler\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CharmPeddler\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/12/11 14:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/22 14:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/06 23:44:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/22 14:36:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/06 23:44:26 | 000,000,000 | ---D | M]

[2012/12/06 22:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CharmPeddler\AppData\Roaming\Mozilla\Extensions
[2014/02/09 07:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CharmPeddler\AppData\Roaming\Mozilla\Firefox\Profiles\u75ink9z.default\extensions
[2014/02/09 07:49:33 | 000,224,364 | ---- | M] () (No name found) -- C:\Users\CharmPeddler\AppData\Roaming\Mozilla\Firefox\Profiles\u75ink9z.default\extensions\[email protected]
[2013/10/13 19:27:53 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\CharmPeddler\AppData\Roaming\Mozilla\Firefox\Profiles\u75ink9z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/08 15:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 15:21:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 15:22:23 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\CharmPeddler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - Startup: C:\Users\CharmPeddler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CharmPeddler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\CharmPeddler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.icminc.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26CC5631-90CE-4DA3-A190-CCF01A05CC7B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{682B4854-E171-498D-A606-4C8A43106E58}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88895457-0D84-48D7-9754-81EA86D69334}: DhcpNameServer = 10.0.0.253
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9f3326be-1f35-11e3-9501-0016cffe9f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{9f3326be-1f35-11e3-9501-0016cffe9f1e}\Shell\AutoRun\command - "" = F:\iLinker.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 23:40:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/06 20:59:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/06 20:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CharmPeddler\Desktop\OTL.exe
[2014/03/06 20:22:46 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\CharmPeddler\Desktop\JRT.exe
[2014/02/26 22:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2014/02/16 18:17:18 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2014/02/16 18:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/02/09 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2014/02/09 18:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2014/02/09 18:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/02/06 21:04:35 | 000,000,000 | ---D | C] -- C:\Users\CharmPeddler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/07 08:37:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3444931015-2942659446-3513286149-1000UA.job
[2014/03/07 08:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/07 08:28:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/07 03:28:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/06 23:44:33 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 23:44:33 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/06 23:38:18 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/03/06 23:38:00 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/03/06 23:37:49 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/03/06 23:36:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/06 23:36:44 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/06 20:57:14 | 000,000,973 | ---- | M] () -- C:\Users\CharmPeddler\Desktop\http - Shortcut.lnk
[2014/03/06 20:23:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CharmPeddler\Desktop\OTL.exe
[2014/03/06 20:22:56 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\CharmPeddler\Desktop\JRT.exe
[2014/03/06 19:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3444931015-2942659446-3513286149-1000Core.job
[2014/03/06 18:33:27 | 001,244,192 | ---- | M] () -- C:\Users\CharmPeddler\Desktop\AdwCleaner.exe
[2014/03/05 08:53:10 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/05 08:53:10 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/05 08:53:10 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/22 20:31:46 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/02/17 20:42:50 | 004,976,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/16 22:57:41 | 000,000,017 | ---- | M] () -- C:\Users\CharmPeddler\AppData\Local\resmon.resmoncfg
[2014/02/13 03:06:55 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/09 19:18:06 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/06 20:57:14 | 000,000,973 | ---- | C] () -- C:\Users\CharmPeddler\Desktop\http - Shortcut.lnk
[2014/03/06 18:33:16 | 001,244,192 | ---- | C] () -- C:\Users\CharmPeddler\Desktop\AdwCleaner.exe
[2014/02/16 22:57:41 | 000,000,017 | ---- | C] () -- C:\Users\CharmPeddler\AppData\Local\resmon.resmoncfg
[2014/02/16 18:17:22 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/02/16 18:17:22 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2013/11/21 20:20:04 | 000,000,006 | ---- | C] () -- C:\Users\CharmPeddler\start
[2013/09/22 14:23:55 | 000,142,432 | ---- | C] () -- C:\Windows\hpwins26.dat
[2013/09/22 14:23:55 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2013/09/18 18:03:00 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/05 12:39:29 | 000,405,881 | ---- | C] () -- C:\Windows\KJ.exe
[2012/12/10 22:47:51 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/18 18:45:30 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Autodesk
[2013/12/03 20:56:36 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\AVAST Software
[2014/03/07 08:27:34 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Dropbox
[2012/12/22 12:16:01 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\DVDFab
[2014/02/04 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Foxit Software
[2013/08/09 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\HandBrake
[2012/12/04 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Leadertech
[2013/10/22 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Motorola
[2013/10/22 20:04:06 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Motorola Mobility
[2014/02/16 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\TeamViewer
[2012/12/22 12:48:50 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\TeraCopy
[2013/11/28 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\CharmPeddler\AppData\Roaming\Wacom

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 3/7/2014 8:31:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CharmPeddler\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.86% Memory free
6.50 Gb Paging File | 4.90 Gb Available in Paging File | 75.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.00 Gb Total Space | 19.62 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive E: | 623.54 Gb Total Space | 285.63 Gb Free Space | 45.81% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 115.68 Gb Free Space | 12.42% Space Free | Partition Type: NTFS

Computer Name: XPS-MEDIA | User Name: CharmPeddler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02429848-495D-45C3-AE04-F147CA0FBE2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CEEDAD2-673E-419D-98E6-9CB3413940A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1E1F277B-2BB0-4BF1-B103-CEC50F482653}" = lport=137 | protocol=17 | dir=in | app=system |
"{2213B500-2B2D-4F8A-829E-06805AD88D80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{250D54BC-C44A-4968-93BD-9B485B85808E}" = lport=139 | protocol=6 | dir=in | app=system |
"{37A84990-CEB4-4F70-A332-7ADE87BD8102}" = rport=138 | protocol=17 | dir=out | app=system |
"{47DD1959-40AA-4C9C-9A2D-3E003869A387}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A08E5DF-2397-462C-9833-4868BEAB5914}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D3EE6F6-F156-498C-8C14-A09D9B40289F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5489CA1D-A77A-48D1-B906-4952DC328B55}" = rport=10243 | protocol=6 | dir=out | app=system |
"{786907C4-A459-4286-B11B-93C4D3FC7EFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C12938C-1C15-48D9-B6E0-DF8F5FFD4853}" = rport=445 | protocol=6 | dir=out | app=system |
"{8077411D-A18D-404A-BE41-0F49A951FD1B}" = lport=445 | protocol=6 | dir=in | app=system |
"{99A7E5F9-42B9-46FF-A5B7-72B0BEADB2A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0B66D4F-107B-49B7-B2DC-5179982F6047}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C390785C-7FF6-4B8F-A381-91650CED93D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C43FC4B8-5785-4C29-BF10-FAA0538C2D65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB644309-45D5-4E6F-9355-05AF83D271DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE32DA4E-1B8B-4438-9383-9C1D2A1DF986}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFBD78B3-D524-40D4-A3D6-1F91CD6D7513}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D23F4D3E-35A6-4671-B7DF-4DC41BDA2DB3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCBD925D-0F6E-4AE0-BA8D-14A45AC6F01F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9F671DE-06E2-43ED-B99D-D636810476C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B89E1A-30AE-4CD4-BB7E-B590B57992F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0821F4D5-88D7-4CE3-A65E-9CE10E0EFE18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D90CA24-4596-4042-8678-0D953566626B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1DE318D6-466A-4C8C-9F26-17D6889C958F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{32E9D74D-F183-4858-A2FA-35009598C3F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D7A6BA4-0679-4905-9BBC-6276B81DA366}" = protocol=1 | dir=in | [email protected],-28543 |
"{43568170-CDBB-4A37-ACEA-AE61498EE596}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{464C5C1A-29B1-4D94-9181-349A3199A08A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{491AF277-E223-4609-A35E-DBEFBE8E7A77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C643782-ABF5-4488-BF7C-51DCD70D1712}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5842E3EA-075C-47EF-9EC5-031687657EB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CCA06DB-1D86-440D-9655-022BD6311BE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63CABD16-3F8A-4E81-A8F7-2696A6F3F007}" = protocol=1 | dir=out | [email protected],-28544 |
"{6406C958-C0A1-4FD9-ABCB-84C8CAE9D42D}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{6425E78C-E57F-4075-9353-5EA08166172E}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{68591322-5E11-48D5-A92B-8C8A67C7DB14}" = protocol=58 | dir=out | [email protected],-28546 |
"{6A306C15-D5A8-4CBB-A6DF-B832E2C277E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6E6C2497-4BA3-402C-9C53-C7932579BAB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72745208-82EE-47DB-AA5D-5C34199A97E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7EFC5807-5A86-4829-80F3-58D178674AB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{873BFBEF-68A6-4F64-86AE-DE4BFB78886E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{896F1F76-BE7B-4F1F-9035-88CB0B037307}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{8D117F8C-E2A8-4C65-8456-24C49D0F2DA2}" = protocol=6 | dir=out | app=system |
"{95750D8D-BC68-4DE7-8B41-AC7AE75E4F02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E8A5E75-FE71-46E4-8839-2DDC0BACFED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A362A746-5FC5-4C32-B9C4-078B44AAA89B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A569AE21-C9EA-428B-8721-A4B9ADA92923}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{AE7BD9A5-26C0-4A34-95EA-1CEBB7AA7866}" = protocol=17 | dir=in | app=c:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe |
"{AF231915-5C1C-4F47-913A-4EF79209F2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AF6613F2-416B-47AE-A488-0FB888F86648}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB363DDC-69BE-42A7-BDAD-FED2606B489B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{BC157220-638A-40B4-A55A-6E5813D6A30A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C987FCF1-365E-4B42-8014-01FED477A46E}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{D5D543AF-2758-4CFA-BB3F-4BE4D5037F41}" = protocol=17 | dir=in | app=c:\users\charmpeddler\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D5E42014-CEC6-4DBA-BADC-0200A530262A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{DA9F8DE7-7070-420B-ADAB-6F0FD07A0671}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{DF405AC3-CBEC-4C4C-B94A-E85031DE3B0B}" = protocol=6 | dir=in | app=c:\users\charmpeddler\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E8BCDBB7-EB48-4F30-9C91-EC973A5D6C22}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F41D5A81-0D08-49FD-B75F-CB4371A1F53C}" = protocol=58 | dir=in | [email protected],-28545 |
"{F71D0523-906A-42FC-A1C1-A68517745D6C}" = protocol=6 | dir=in | app=c:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe |
"{F9649547-E106-4A03-AC15-9F4ABF573210}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{6CE7F508-7003-49DF-BAA2-B237F71FC781}C:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{84215479-37E6-4053-825E-D5BCA67FC552}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{A0B44151-C301-4DBE-908D-A913C64FB73B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{D58703FB-6573-4019-BB56-EA5C7F657AC0}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{355D44D2-0668-4E3F-AF1C-0EAF25D1CB8A}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{4F7BF3ED-6CEB-47D5-B503-5E9DA39C613C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{60EAE3BA-FA0B-424C-AD80-74A0DCDB2DA2}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{DA537771-8F8D-4AB1-914E-F091EB22CD14}C:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\charmpeddler\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-0111-0409-0110-0060B0CE6BBA}" = Autodesk CAD Manager Tools
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B38968E0-778F-47C3-8781-BAD4E497801C}" = HP Officejet 4500 G510g-m
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12FB6296-8840-11E3-86D7-00163E98E7D0}" = Evernote v. 5.1.2
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = CloudReading
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E7A5A7D-1045-4075-9808-60C0DE69D38A}" = 4500G510gm_web
"{876ab221-6562-4f34-9335-68fc92bb3f1b}" = Plex Media Server
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{8988EA30-14EF-41DE-843E-DBD4CFAAA0AF}" = Plex Media Server
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help_Web
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Wacom Edition 3 Stand-Alone" = Color Efex Pro 3.0 Wacom Edition 3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Driver Genius Pro PREACTIVATED by .:sHaRe:.@WaReZ-BB_is1" = Driver Genius Professional Edition
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.5 (14/12/2012) Qt
"DVDFab Decrypter_is1" = DVDFab Decrypter 2.9.8.3
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"TeamViewer 9" = TeamViewer 9
"VLC media player" = VLC media player 2.1.3
"WinRAR 4.01" = WinRAR 4.01
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google+ Auto Backup" = Google+ Auto Backup

========== Last 20 Event Log Errors ==========

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11/20/2013 7:28:07 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED


Error - 11/20/2013 7:28:07 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 11/20/2013 7:28:07 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013)
Description:
WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 11/20/2013 7:28:07 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
-32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED


Error - 11/20/2013 7:31:20 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 11/20/2013 7:31:32 PM | Computer Name = XPS-Media | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.

Error - 11/20/2013 7:31:37 PM | Computer Name = XPS-Media | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: No more data
is available.

Error - 11/20/2013 7:31:38 PM | Computer Name = XPS-Media | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1127 NULL object. Cannot establish a connection at this time.

Error - 11/21/2013 6:55:57 PM | Computer Name = XPS-Media | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1127 NULL object. Cannot establish a connection at this time.

Error - 11/28/2013 11:17:16 PM | Computer Name = XPS-Media | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.


< End of report >
 
Do you know what this file is for?

C:\Windows\KJ.exe

I would like for you to do the following.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
 
Well, it only took 6 hours 7 minutes:

The first one i'm still hoping is a false positive.
the second and third i'm removing deleting the files now, as they are old and outdated.

"C:\Users\CharmPeddler\Downloads\Activator Win 8+7+Office\K.J_121026.exe Win32/Injector.AAMW trojan
E:\# Phone #\Android\SuperOneClickv1.9.5-ShortFuse.Drivers.rar multiple threats
E:\# Phone #\Android\Apps\Android.Super.Pack.Games.&.Apps\APPS\a Walk and Text v1.3.7.apk Android/Walksteal.A trojan
"
 
Again, you are trying to activate pirated software. Delete any keygens and activators you have and buy the software legally. Its not worth the hassle of infecting your machine over. So delete the first file and also

C:\Windows\KJ.exe
 
johnb35 said:
Looks like you have been downloading software and trying to pirate it. Thats a big no no. Rerun malwarebytes and make sure those entries get removed.
Click to expand...

Agreed.

johnb35 said:
Again, you are trying to activate pirated software. Delete any keygens and activators you have and buy the software legally. Its not worth the hassle of infecting your machine over. So delete the first file and also

C:\Windows\KJ.exe
Click to expand...

Agreed.
Unless if you are 100% that you know what you are doing.
Still...it's against the law so I agree.
 
removing now. does anything you see actually tell you "this is infected", or are you just giving good information and saying "things like this CAN cause problems"?
 
johnb35 said:
Key gens and activators are bad for a pc, plain and simple.
Click to expand...

This is understood and taken into account years ago. I am not questioning the odd's or changes or likely hood of this.

What i'm questioning is whether or not my system IS (not if, or could be, or "this WILL") actually infected. and IF it IS, is anyone (with any more certainty than "with my experience and knowledge BELIEVE it to be") able to tell me that it is because of my stupidity in using the activators and generators? or is it just a run of the mill junk that got in some other way?



let it be known that I am not dismissing or ignoring anyone's very helpful and knowledgeable computer safety advice, or legal advice. I'm just saying that I personally know the risks, and more than likely am ignorant enough to go ahead and take them.
 
You can do whatever you want. But know from experience the keygens and activators contain malware and upon using will inject code in your system. I used to be just like you. Wasn't worth it in the long run. Please be warned that if you continue to use keygens/activators I will not help you with issues in the future.
 
johnb35 said:
You can do whatever you want. But know from experience the keygens and activators contain malware and upon using will inject code in your system. I used to be just like you. Wasn't worth it in the long run. Please be warned that if you continue to use keygens/activators I will not help you with issues in the future.
Click to expand...

Like i said, i completely understand all of what you just said. I have not used an activator and have stopped pirating (a few years at least, i dont remember when or the last thing i got) a long time ago. I have removed most all of that stuff from my system and from my "archive" hard drives. with all the free offerings (av / google apps for ms office / 7zip / I dont know remember what else i used to use it for) i really dont need it anymore.

NOTE: @whiteguru, i think you would have more luck with people seeing your issue if you were to take that post and make a new thread. People will see it as a fresh issue and not mistake it for just another posting inside my thread. GL
 
You must log in or register to reply here.
Back
Top