Running terrible

Discussion in 'Virus & Other Malware Removal' started by rnordeman, Oct 30, 2014.

Thread Status:
Not open for further replies.
  1. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Can you please help me troubleshoot this laptop? It is running horribly.
    Specs:

    OS Name Microsoft Windows 7 Home Premium
    Version 6.1.7601 Service Pack 1 Build 7601
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name NORDEMAN-PC
    System Manufacturer Dell Inc.
    System Model Inspiron 5720
    System Type x64-based PC
    Processor Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    BIOS Version/Date Dell Inc. A18, 8/23/2013
    SMBIOS Version 2.7
    Windows Directory C:\Windows
    System Directory C:\Windows\system32
    Boot Device \Device\HarddiskVolume2
    Locale United States
    Hardware Abstraction Layer Version = "6.1.7601.17514"
    User Name NORDEMAN-PC\NORDEMAN
    Time Zone Eastern Daylight Time
    Installed Physical Memory (RAM) 6.00 GB
    Total Physical Memory 5.86 GB
    Available Physical Memory 4.20 GB
    Total Virtual Memory 11.7 GB
    Available Virtual Memory 9.92 GB
    Page File Space 5.86 GB
    Page File C:\pagefile.sys
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    Hi medordeman,
    -----------------------------------------------
    Please download MiniToolBox and run it.
    Double click MiniToolBox.exe to launch the program.
    Checkmark only the following boxes in the list:
    • List Installed Programs
    • List Users, Partitions and Memory size
    Click Go to start the scan.
    When finished a log Result.txt will open.
    Please post the contents of that log in your next reply.
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    [IMG]
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Right click the TFC icon and choose Run as administrator.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

    askey127
     
  3. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Ok...so I ran all three and here are the results
    minitoolbox:


    MiniToolBox by Farbar Version: 21-07-2014
    Ran by NORDEMAN (administrator) on 31-10-2014 at 19:32:17
    Running from "C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F15D0E3"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    =========================== Installed Programs ============================
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.58 - Dell Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{A10B1524-63B5-40F2-B272-D841CF671C16}) (Version: 2.2.0.0266 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    PicPick (HKLM-x32\...\PicPick) (Version: 3.3.2 - NTeWORKS)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.65.1025.2012 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    Windows Driver Package - Broadcom (BcmVWL) Net (10/21/2011 6.20.55.1) (HKLM\...\D3D5243E35F0E912D4EBC814E30F950D23D4C15B) (Version: 10/21/2011 6.20.55.1 - Broadcom)
    ========================= Devices: ================================

    **** End of log ****






    AdwCleaner:


    # AdwCleaner v3.012 - Report created 17/11/2013 at 09:22:05
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Nordeman - NORDEMAN-PC
    # Running from : C:\Users\Nordeman\Downloads\AdwCleaner (1).exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16686

    -\\ Google Chrome v30.0.1599.69
    [ File : C:\Users\Nordeman\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [1210 octets] - [17/11/2013 09:16:23]
    AdwCleaner[R1].txt - [1274 octets] - [17/11/2013 09:19:11]
    AdwCleaner[S0].txt - [1090 octets] - [17/11/2013 09:22:05]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1150 octets] ##########
    # AdwCleaner v3.311 - Report created 31/10/2014 at 19:37:13
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : NORDEMAN - NORDEMAN-PC
    # Running from : C:\Users\NORDEMAN\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\374311380
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\Users\NORDEMAN\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\NORDEMAN\Documents\PC Speed Maximizer
    File Deleted : C:\END
    ***** [ Scheduled Tasks ] *****
    Task Deleted : FF Watcher {5874CCD0-2EAB-419B-983E-47F359AC1B82}
    Task Deleted : FF Watcher {65703D9D-0647-4045-A923-2D02E4CE633F}
    Task Deleted : FF Watcher {C913CE7E-8C2F-4DEF-8BBF-12BC7486D041}
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\WEDLMNGR
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17344

    -\\ Google Chrome v37.0.2062.124
    [ File : C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M0EDF19CB-9530-464D-A312-B46A294BAE57&SearchSource=58&CUI=&UM=5&UP=SP6C42EBC1-26D3-4585-B12D-5107FDFD4CB7&q={searchTerms}&SSPV=
    *************************
    AdwCleaner[R0].txt - [6458 octets] - [17/11/2013 10:16:23]
    AdwCleaner[R1].txt - [1274 octets] - [17/11/2013 10:19:11]
    AdwCleaner[R2].txt - [958 octets] - [17/11/2013 10:26:48]
    AdwCleaner[R3].txt - [1586 octets] - [22/12/2013 16:13:15]
    AdwCleaner[S0].txt - [5917 octets] - [17/11/2013 10:22:05]
    AdwCleaner[S1].txt - [1018 octets] - [17/11/2013 10:27:20]
    AdwCleaner[S2].txt - [1542 octets] - [22/12/2013 16:13:59]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6097 octets] ##########




    Temp File Cleaner:


    This one doesn't give a log or I didn't know where to look for it.




    Let me know what you think of the logs.
    Rosemary
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    mordermen,
    Your obsolete Java needs to be removed. You can decide later if you want to replace it.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Java 7 Update 67

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    ---------------------------------------------------
    So, in your replies, we will be looking for the following:
    The contents of:
    • OTL.txt
    • Extras.txt
    Please feel free to use separate replies.

    askey127
     
  5. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Ok....did all that and here are my reports


    OTL logfile created on: 11/1/2014 10:10:03 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NORDEMAN\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17358)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.86 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 70.84% Memory free
    11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 678.79 Gb Total Space | 551.08 Gb Free Space | 81.19% Space Free | Partition Type: NTFS

    Computer Name: NORDEMAN-PC | User Name: NORDEMAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/11/01 10:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NORDEMAN\Desktop\OTL.exe
    PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2014/03/11 12:47:10 | 013,165,400 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe
    PRC - [2012/06/18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2012/06/18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2012/06/18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2012/01/20 17:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/01/20 17:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/01/20 12:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2014/07/22 19:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2014/01/06 17:04:52 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/09/05 15:40:42 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2012/01/10 22:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2014/10/19 18:49:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/04/10 14:30:14 | 000,202,248 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/07/13 05:02:15 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2012/06/18 15:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2012/06/18 15:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2012/06/18 15:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2012/01/20 17:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/01/20 17:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/01/20 12:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2014/01/06 17:04:55 | 000,165,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2014/01/06 17:04:53 | 005,443,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2014/01/06 17:04:53 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2014/01/06 17:04:52 | 000,022,632 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/10/24 16:50:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/10/15 23:23:20 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/10/15 23:23:20 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/10/15 23:23:20 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/09/19 01:46:20 | 000,447,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2012/09/05 15:40:42 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/15 01:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2012/05/21 09:39:12 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2014/01/06 17:01:11 | 000,033,664 | ---- | M] (Zeal SoftStudio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\memacc.sys -- (MEMACC)
    DRV - [2014/01/06 17:01:11 | 000,013,880 | ---- | M] (Zeal SoftStudio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\zntport.sys -- (zntport)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hs...SP,204,0_0,StartPage,20141044,20029,0,31,6944
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 EE F7 A5 CC 0E CF 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {2261B886-D855-4A5E-9E9B-B421D6C73F60}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{2261B886-D855-4A5E-9E9B-B421D6C73F60}: "URL" = https://search.yahoo.com/search?p={...e=W3i_DS,136,0_0,Search,20141044,20028,0,31,0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


    [2014/10/30 20:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NORDEMAN\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    CHR - Extension: No name found = C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKCU..\Run: [DellSystemDetect] C:\Users\NORDEMAN\AppData\Local\Apps\2.0\ZVL7NHCM.8GK\LLZ6M6GD.5HV\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe (Dell)
    O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
    O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D20147-9C6B-4A7A-9A5F-CD70B7013135}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{dd877572-f402-11e3-b0b4-c01885c368e4}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd877572-f402-11e3-b0b4-c01885c368e4}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/11/01 10:07:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NORDEMAN\Desktop\OTL.exe
    [2014/10/31 19:36:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
    [2014/10/30 20:28:11 | 000,000,000 | ---D | C] -- C:\Users\NORDEMAN\AppData\Roaming\Mozilla
    [2014/10/30 20:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2014/10/29 07:35:56 | 000,000,000 | ---D | C] -- C:\0a75fbb53bddc22621bc9b
    [2014/10/28 21:47:21 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/10/28 21:47:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/10/28 21:47:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/10/28 21:47:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/10/28 21:47:20 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/10/28 21:47:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/10/28 21:47:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/10/28 21:47:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/10/28 21:47:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/10/28 21:47:19 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/10/28 21:47:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/10/28 21:47:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/10/28 21:47:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/10/28 21:47:17 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/10/28 21:47:17 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/10/28 21:47:17 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/10/28 21:47:16 | 002,108,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/10/28 21:47:16 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/10/28 21:47:15 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2014/10/28 21:47:15 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/10/28 21:47:15 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/10/28 21:47:15 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/10/28 21:47:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2014/10/28 21:47:14 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/10/28 21:47:14 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/10/28 21:47:13 | 005,829,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/10/28 21:47:13 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2014/10/28 21:47:13 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/10/28 21:47:13 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/10/28 21:47:13 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/10/28 21:47:13 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/10/28 21:47:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/10/28 21:47:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/10/28 21:47:12 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/10/28 21:47:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2014/10/26 20:15:00 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2014/10/26 20:11:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2014/10/26 20:11:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2014/10/26 20:11:34 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
    [2014/10/26 20:11:34 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
    [2014/10/26 20:11:34 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
    [2014/10/26 20:11:34 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
    [2014/10/26 20:11:34 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
    [2014/10/26 20:11:34 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
    [2014/10/26 20:03:27 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2014/10/26 20:03:27 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2014/10/26 20:03:24 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2014/10/26 19:44:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
    [2014/10/26 19:44:18 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
    [2014/10/26 19:44:12 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
    [2014/10/26 19:44:12 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsta.dll
    [2014/10/26 19:44:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2014/10/26 19:42:02 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2014/10/26 19:42:01 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2014/10/19 18:49:11 | 000,000,000 | ---D | C] -- C:\Users\NORDEMAN\AppData\Local\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2014/11/01 10:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NORDEMAN\Desktop\OTL.exe
    [2014/11/01 10:03:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/11/01 10:03:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/11/01 10:03:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/11/01 10:00:17 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/11/01 10:00:17 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/11/01 10:00:17 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/11/01 09:58:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/11/01 09:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/11/01 09:55:37 | 426,876,927 | -HS- | M] () -- C:\hiberfil.sys
    [2014/11/01 09:54:53 | 000,000,230 | ---- | M] () -- C:\Users\NORDEMAN\Desktop\Running terrible - Tech Support Guy.url
    [2014/11/01 09:52:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/10/31 19:33:44 | 001,375,089 | ---- | M] () -- C:\Users\NORDEMAN\Desktop\AdwCleaner.exe
    [2014/10/30 20:27:56 | 000,910,843 | ---- | M] () -- C:\Users\NORDEMAN\Desktop\manuals.pdf
    [2014/10/30 20:17:21 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/10/19 18:49:34 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/10/19 18:49:33 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2014/11/01 09:54:52 | 000,000,230 | ---- | C] () -- C:\Users\NORDEMAN\Desktop\Running terrible - Tech Support Guy.url
    [2014/10/31 19:33:44 | 001,375,089 | ---- | C] () -- C:\Users\NORDEMAN\Desktop\AdwCleaner.exe
    [2014/10/30 20:27:55 | 000,910,843 | ---- | C] () -- C:\Users\NORDEMAN\Desktop\manuals.pdf
    [2014/09/09 18:54:29 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
    [2014/01/06 17:10:22 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/12/14 03:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
    [2012/12/14 03:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/03/22 21:00:38 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\.minecraft
    [2014/01/06 20:52:13 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\AVG2014
    [2014/02/21 23:25:45 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\IDT
    [2014/09/05 18:09:17 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\Oracle
    [2014/10/26 19:23:34 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\PicPick
    [2014/01/06 20:51:33 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========


    < End of report >


    Second one


    OTL Extras logfile created on: 11/1/2014 10:10:03 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NORDEMAN\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17358)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.86 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 70.84% Memory free
    11.73 Gb Paging File | 9.90 Gb Available in Paging File | 84.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 678.79 Gb Total Space | 551.08 Gb Free Space | 81.19% Space Free | Partition Type: NTFS

    Computer Name: NORDEMAN-PC | User Name: NORDEMAN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{23A14B53-4373-4247-A731-51EDE9194D9D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{26948461-0A2D-4677-A4BB-8AD93E28A08A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{27A235F0-5A2D-4568-A64B-EE569B153254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{332879C5-2D5D-4CF4-B282-719DAD0D696B}" = lport=21 | protocol=6 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{39321C30-D89F-41EF-8BD4-754526BBDFA3}" = lport=23 | protocol=17 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{50B5BB49-1872-4B5E-A073-12B8CA33CAAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{568A0BFF-D1D6-43CC-B7DC-80658E6BF0A1}" = lport=1027 | protocol=17 | dir=out | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{6509C74B-8136-450F-9092-7FEC2471DA4D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{689F1347-3778-4E66-828A-51254488660A}" = lport=1024 | protocol=6 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{6C23EDE3-C5E5-41CB-8233-9FE7DDB447C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7AA28590-3E1D-48B4-9BDC-157FEE0CA1B7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7D1D5410-08C5-45FB-A529-5BFF2F9CBAE4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{820213C8-4E7C-4457-B1CE-428D29E94F05}" = rport=139 | protocol=6 | dir=out | app=system |
    "{84B3C6BF-93A0-4E08-A604-96E02955EAA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{84E453D2-7A08-4F3D-92DC-7FE55495963E}" = lport=2060 | protocol=6 | dir=out | app=c:\program files\dell\dw wlan card\wfdsendtoexplorer.exe |
    "{8790E74C-1C84-4133-B1B2-F1E26973404A}" = lport=2048 | protocol=6 | dir=out | app=c:\program files\dell\dw wlan card\wfdsendtoexplorer.exe |
    "{8A245497-AA14-4D47-8EC7-32B3695C0339}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8AEEAC3D-5C11-47AC-9D11-97A05FB6FFAE}" = lport=2060 | protocol=6 | dir=out | app=c:\program files\dell\dw wlan card\wfdsendtoexplorer.exe |
    "{9414428E-4FE9-4692-8A0B-43CF2CA41625}" = lport=139 | protocol=6 | dir=in | app=system |
    "{94B4975C-9972-465A-818D-8373489EE033}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{9C157606-35BB-4D10-AE34-B79D16E843A6}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AD022F93-5EBE-4029-AF5B-96E941C75259}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CB1FCC2B-E505-476E-8E51-01FAAD6728FC}" = lport=21 | protocol=6 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{CBE26D45-4321-42AB-9317-EE9825344B94}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D020A4FB-AC22-4F06-B7A1-BDFA7A6E3132}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D1450D04-F5B4-4984-AD73-F827127AAC32}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DAF6ECD9-B367-4A32-9D14-58CA69516AD4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E0457108-59B7-49C1-970D-F70861D2389E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E90E8B02-767D-4ACA-948B-1F745968ED9B}" = lport=23 | protocol=17 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{EDA049E5-A17A-411E-884D-C9008C301EF5}" = lport=1027 | protocol=17 | dir=out | app=c:\program files\dell\dw wlan card\wfdtray.exe |
    "{EFC6BBD7-F68B-4E33-A5B5-B72784B6A870}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F54D0F18-46A3-4FF5-B89C-2E85E781B837}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{FBB50C47-0C1E-4169-ABED-F1ACECA364C5}" = lport=2048 | protocol=6 | dir=out | app=c:\program files\dell\dw wlan card\wfdsendtoexplorer.exe |
    "{FC690762-D1F3-453A-9A6D-433EF67D074D}" = lport=1024 | protocol=6 | dir=in | app=c:\program files\dell\dw wlan card\wfdtray.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07017F26-E50C-4928-B16C-74ED927A2DAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{0A622D8F-510A-43E8-90C6-F7F3DD0ED462}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1B6ABAD0-D74C-46ED-B079-656ACABDE9AC}" = protocol=58 | dir=out | [email protected],-503 |
    "{27B2EE24-1DD7-43D4-A283-F53D79FAC21A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{33573210-ADD7-4F5A-9A6C-4E2ACDB55A4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3CE165C2-C14A-430E-AA90-6624DDA0292D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4451E91F-6417-4611-B84E-D55E6FF7FB97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{528FA5F8-702E-4A93-BCB7-31F348D4EDE9}" = protocol=58 | dir=in | [email protected],-28545 |
    "{54A972DF-0D3C-4066-97E2-CA0A7D506C7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5B16DB43-CBFC-4368-B475-AF36C366FCE5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{80BF6CD6-AC80-496D-AF2A-08DE61F50842}" = protocol=6 | dir=out | app=system |
    "{83415685-92B6-43B3-83CA-39A8CE5AFD8D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8D33DA73-F752-4583-9795-3F2A31BE5FF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{917B8734-63E9-40A7-B1BA-706A87E66812}" = protocol=1 | dir=out | [email protected],-28544 |
    "{A673CD57-39D2-41F8-86FE-22381843C3FC}" = protocol=1 | dir=in | [email protected],-28543 |
    "{AB24C5D0-0CC0-4AEC-BCDB-B7FD293741C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B46A11B2-3B8A-454A-AA6B-DEFE830403C1}" = protocol=58 | dir=out | [email protected],-28546 |
    "{D9BC9F6E-7155-4211-8920-C24582D93776}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DE5AD313-0FB0-4BC6-A11C-DD3FDD5A42E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E22E0E65-6416-4E31-B4B9-2EB297ACC8CC}" = protocol=58 | dir=in | app=system |
    "{F6C5CFBF-AB59-4AD9-8A49-E539F548D726}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{A15389B4-BB74-45D9-BAEA-6F0DB2550A3B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{3B1F1A9C-A961-45F0-929D-490CA87E3753}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
    "{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A10B1524-63B5-40F2-B272-D841CF671C16}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "D3D5243E35F0E912D4EBC814E30F950D23D4C15B" = Windows Driver Package - Broadcom (BcmVWL) Net (10/21/2011 6.20.55.1)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
    "{D850CB7E-72BC-4510-BA4F-48932BFAB295}" = Dell Digital Delivery
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
    "CanonMyPrinter" = Canon My Printer
    "Google Chrome" = Google Chrome
    "PicPick" = PicPick

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "9204f5692a8faf3b" = Dell System Detect

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/5/2014 6:16:51 PM | Computer Name = NORDEMAN-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 9/7/2014 1:33:44 PM | Computer Name = NORDEMAN-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 9/9/2014 7:14:16 AM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 9/16/2014 5:07:44 PM | Computer Name = NORDEMAN-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 10/26/2014 7:01:31 PM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 10/26/2014 7:15:36 PM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 10/26/2014 7:34:43 PM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 10/26/2014 7:49:51 PM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 10/26/2014 7:55:26 PM | Computer Name = NORDEMAN-PC | Source = System Restore | ID = 8210
    Description =

    Error - 10/29/2014 7:02:33 PM | Computer Name = NORDEMAN-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: GoogleUpdate.exe, version: 1.3.21.103,
    time stamp: 0x4f3c6d6c Faulting module name: ntdll.dll, version: 6.1.7601.18247,
    time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000223e0 Faulting
    process id: 0xb8c Faulting application start time: 0x01cff3cb3a446583 Faulting application
    path: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: a9cfe990-5fbf-11e4-8bf7-c01885c368e4

    Error - 10/30/2014 8:30:53 PM | Computer Name = NORDEMAN-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344,
    time stamp: 0x541b6f63 Faulting module name: ntdll.dll, version: 6.1.7601.18247,
    time stamp: 0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting
    process id: 0x116c Faulting application start time: 0x01cff4a1e4153f1e Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: 2b8c52ff-6095-11e4-8763-c01885c368e4

    [ Broadcom Wireless LAN Events ]
    Error - 10/30/2014 8:19:56 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 20:19:56, Thu, Oct 30, 14 Error - Unable to set enhanced country code

    Error - 10/30/2014 8:33:19 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 20:33:19, Thu, Oct 30, 14 Error - Unable to set enhanced country code

    Error - 10/30/2014 8:33:19 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 20:33:19, Thu, Oct 30, 14 Error - Unable to set enhanced country code

    Error - 10/31/2014 2:51:27 AM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 02:51:27, Fri, Oct 31, 14 Error - Unable to set enhanced country code

    Error - 10/31/2014 7:01:10 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 19:01:10, Fri, Oct 31, 14 Error - Unable to set enhanced country code

    Error - 10/31/2014 7:39:51 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 19:39:51, Fri, Oct 31, 14 Error - Unable to set enhanced country code

    Error - 10/31/2014 7:39:51 PM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 19:39:51, Fri, Oct 31, 14 Error - Unable to set enhanced country code

    Error - 11/1/2014 9:52:19 AM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 09:52:19, Sat, Nov 01, 14 Error - Unable to set enhanced country code

    Error - 11/1/2014 9:56:06 AM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 09:56:06, Sat, Nov 01, 14 Error - Unable to set enhanced country code

    Error - 11/1/2014 9:56:06 AM | Computer Name = NORDEMAN-PC | Source = WLAN-Tray | ID = 0
    Description = 09:56:06, Sat, Nov 01, 14 Error - Unable to set enhanced country code

    [ Media Center Events ]
    Error - 9/28/2014 6:01:43 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 6:01:43 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
    to the remote server)

    Error - 9/28/2014 6:01:44 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 6:01:44 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 9/28/2014 6:01:45 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 6:01:45 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 9/28/2014 6:02:11 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 6:01:59 PM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 10/13/2014 7:52:15 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:52:15 PM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 10/13/2014 7:52:25 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:52:20 PM - Error connecting to the internet. 7:52:20 PM - Unable
    to contact server..

    Error - 10/23/2014 7:27:48 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:27:48 PM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 10/23/2014 7:27:54 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:27:54 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
    to the remote server)

    Error - 10/23/2014 7:27:56 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:27:56 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 10/23/2014 7:27:59 PM | Computer Name = NORDEMAN-PC | Source = MCUpdate | ID = 0
    Description = 7:27:58 PM - Failed to retrieve SportsV2 (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 10/30/2014 8:19:47 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The MemPort service failed to start due to the following error: %%2

    Error - 10/30/2014 8:31:54 PM | Computer Name = NORDEMAN-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/30/2014 8:32:55 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The IOPort service failed to start due to the following error: %%2

    Error - 10/30/2014 8:32:55 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The MemPort service failed to start due to the following error: %%2

    Error - 10/30/2014 8:41:02 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7031
    Description = The AEHsflVnXcr service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/31/2014 7:39:04 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
    Acrobat Update Service service to connect.

    Error - 10/31/2014 7:39:05 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The IOPort service failed to start due to the following error: %%2

    Error - 10/31/2014 7:39:20 PM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The MemPort service failed to start due to the following error: %%2

    Error - 11/1/2014 9:55:57 AM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The IOPort service failed to start due to the following error: %%2

    Error - 11/1/2014 9:55:59 AM | Computer Name = NORDEMAN-PC | Source = Service Control Manager | ID = 7000
    Description = The MemPort service failed to start due to the following error: %%2


    < End of report >
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    rnordeman,
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Right click OTL on your desktop, and choose "Run as administrator" to open it.
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
      IE - HKCU\..\SearchScopes\{2261B886-D855-4A5E-9E9B-B421D6C73F60}: "URL" = https://search.yahoo.com/search?p={s...4,20028,0,31,0
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hsp...0029,0,31,6944
      [2014/01/06 20:52:13 | 000,000,000 | ---D | M] -- C:\Users\NORDEMAN\AppData\Roaming\AVG2014
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    -------------------------------------------------------------------
    Download and Run Malwarebytes' Anti-Malware
    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternate downloads available here or here.
    If needed...User Guide in HTML or PDF formats. Be advised, many options are disabled in the free version.
    Make sure you are connected to the Internet, you'll need to check for updates.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and accept the License Agreement... Please use the original default settings during installation.
    • Leave both Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware checked, then click on Finish.
    • Since MBAM will automatically update itself after install, you can press the OK button to close that box and the main program will show.
    • When installation has finished, you'll be presented with the MBAM interface.
    • If you see a separate message box to Update databases, click OK and allow it to update before Scanning.
    • On the Scanner tab, make sure the Perform Full Scan button is checked, then click on the Scan button to begin.
      This may take a while, so be patient.
    • When the Scan has finished, a message box will appear telling you the scan was completed. Click OK.
    • You will be moved back to the main screen. Click on the Show Results button.
    • A list of the detected malware will be shown. Click on Remove Selected.
    • While removing malware, MBAM may display a message that it needs to reboot.
      If so, Allow it to reboot, and sign in as normal when Windows restarts.
    • When finished, with or without a reboot, a Scan log will be displayed in Notepad.
    • Copy and paste the contents back here in a reply.
    • Then close MBAM.
    Log files can be found in this location: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

    So we are looking for the FIX log from OTL, and the log from Malwarebytes. Separate replies are fine.

    askey127
     
  7. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Ok...Here is the Fix Log from OTL:


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2261B886-D855-4A5E-9E9B-B421D6C73F60}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2261B886-D855-4A5E-9E9B-B421D6C73F60}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    C:\Users\NORDEMAN\AppData\Roaming\AVG2014\cfgall folder moved successfully.
    C:\Users\NORDEMAN\AppData\Roaming\AVG2014 folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\NORDEMAN\Desktop\cmd.bat deleted successfully.
    C:\Users\NORDEMAN\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NORDEMAN
    ->Temp folder emptied: 83455750 bytes
    ->Temporary Internet Files folder emptied: 2634656 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 47206923 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10814 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 127.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11012014_185350
    Files\Folders moved on Reboot...
    C:\Users\NORDEMAN\AppData\Local\Temp\BIT9554.tmp moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VA1F9WLI\container[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VA1F9WLI\si[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VA1F9WLI\zrt_lookup[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T60Q16EH\si[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T60Q16EH\si[2].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MG49EICD\1136426-running-terrible[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MG49EICD\si[1].htm moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\NORDEMAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  8. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Here is the Malwarebytes log:


    <?xml version="1.0" encoding="UTF-8"?>
    <mbam-log>
    <header><date>2014/11/01 19:04:12 -0400</date><logfile>mbam-log-2014-11-01 (19-04-11).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.00.3.1025</version><malware-database>v2014.11.01.09</malware-database><rootkit-database>v2014.11.01.02</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>NORDEMAN</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>300375</objects><time>823</time><processes>0</processes><modules>0</modules><keys>0</keys><values>0</values><datas>0</datas><folders>0</folders><files>4</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><file><path>C:\Users\NORDEMAN\Downloads\InstallConverter_TSV47P23P.exe</path><vendor>PUP.Optional.ClientConnect</vendor><action>success</action><hash>9ffe62d4a7d58fa7892f299eee1323dd</hash></file><file><path>C:\Users\NORDEMAN\Downloads\atf cleaner setup.exe</path><vendor>PUP.Optional.Soft32.A</vendor><action>success</action><hash>cbd2270fef8d132354cbbe91936eb050</hash></file><file><path>C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage</path><vendor>PUP.Optional.Vbates.A</vendor><action>success</action><hash>316c9d9953295adc34e80c2f2ed54cb4</hash></file><file><path>C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage-journal</path><vendor>PUP.Optional.Vbates.A</vendor><action>success</action><hash>fe9fe254d7a59a9ccf4dc47740c33ac6</hash></file></items></mbam-log>
     
  9. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Sorry about that....Let me try again.
    Malwarebytes Log:


    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 11/1/2014
    Scan Time: 7:04:12 PM
    Logfile: malwarebuyteslog2.txt
    Administrator: Yes
    Version: 2.00.3.1025
    Malware Database: v2014.11.01.09
    Rootkit Database: v2014.11.01.02
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: NORDEMAN
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 300375
    Time Elapsed: 13 min, 43 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 4
    PUP.Optional.ClientConnect, C:\Users\NORDEMAN\Downloads\InstallConverter_TSV47P23P.exe, Quarantined, [9ffe62d4a7d58fa7892f299eee1323dd],
    PUP.Optional.Soft32.A, C:\Users\NORDEMAN\Downloads\atf cleaner setup.exe, Quarantined, [cbd2270fef8d132354cbbe91936eb050],
    PUP.Optional.Vbates.A, C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage, Quarantined, [316c9d9953295adc34e80c2f2ed54cb4],
    PUP.Optional.Vbates.A, C:\Users\NORDEMAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ljmibnagodajacnnbifpamhggcohblip_0.localstorage-journal, Quarantined, [fe9fe254d7a59a9ccf4dc47740c33ac6],
    Physical Sectors: 0
    (No malicious items detected)

    (end)
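
Added example, not part of the original thread: a Python parser for the Malwarebytes text-log layout posted above. It compares each section's header count with the detection lines actually parsed and reports scan options that were disabled. The sample log, its paths and its placeholder hashes are constructed; only the field names and detection names are taken from the log above, and treating any action other than "Quarantined" as needing follow-up is an assumption.

```python
import re
from dataclasses import dataclass, field

# Result sections of the text log; each header is "<name>: <count>".
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
# Scan options listed in the log header.
SCAN_OPTIONS = ("Memory", "Startup", "Filesystem", "Archives",
                "Rootkits", "Heuristics", "PUP", "PUM")

# "<detection>, <object>, <action>, [<32 hex digits>],"
# The object group is greedy, so a comma inside a path stays in the path.
DETECTION = re.compile(
    r"^(?P<name>[^,\s]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<digest>[0-9a-fA-F]{32})\],?$")
FIELD = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*): (?P<value>.*)$")

# Constructed sample in the layout of the log above (paths and hashes are
# placeholders). The last "Files" entry is cut off on purpose.
SAMPLE = r"""
Malwarebytes Anti-Malware
Scan Date: 11/1/2014
Scan Type: Threat Scan
Result: Completed
Rootkits: Disabled
PUP: Enabled
Processes: 0
(No malicious items detected)
Files: 3
PUP.Optional.ClientConnect, C:\Users\EXAMPLE\Downloads\setup, v2.exe, Quarantined, [00000000000000000000000000000001],
PUP.Optional.Soft32.A, C:\Users\EXAMPLE\Downloads\cleaner setup.exe, Quarantined, [00000000000000000000000000000002],
PUP.Optional.Vbates.A, C:\Users\EXAMPLE\AppData\Local\Example\store.localstorage, Quarantined,
Physical Sectors: 0
(No malicious items detected)
(end)
"""


@dataclass
class Report:
    settings: dict = field(default_factory=dict)    # header "Key: Value" pairs
    declared: dict = field(default_factory=dict)    # section -> header count
    detections: list = field(default_factory=list)  # one dict per detection
    unparsed: list = field(default_factory=list)    # (section, raw line)


def parse_log(text):
    """Parse a text log into settings, per-section counts and detections."""
    report, section = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blank, "(No malicious items detected)", "(end)"
        hit = DETECTION.match(line)
        if hit and section:
            report.detections.append({"section": section, **hit.groupdict()})
            continue
        kv = FIELD.match(line)
        if kv and kv["key"] in SECTIONS and kv["value"].isdigit():
            section = kv["key"]
            report.declared[section] = int(kv["value"])
        elif kv and section is None:
            report.settings[kv["key"]] = kv["value"]
        elif section:
            # Keep anything unrecognised so nothing is silently dropped.
            report.unparsed.append((section, line))
    return report


def triage(report):
    """Return notes a reviewer should read before trusting the summary."""
    notes = []
    for section, count in report.declared.items():
        parsed = sum(d["section"] == section for d in report.detections)
        if parsed != count:
            notes.append(f"{section}: header counts {count}, parsed {parsed}")
    for option in SCAN_OPTIONS:
        if report.settings.get(option) == "Disabled":
            notes.append(f"{option} scanning was disabled for this run")
    for section, line in report.unparsed:
        notes.append(f"unparsed line in {section}: {line}")
    for d in report.detections:
        if not d["name"].startswith("PUP."):
            notes.append(f"non-PUP detection: {d['name']} at {d['target']}")
        if d["action"] != "Quarantined":  # assumption: others need follow-up
            notes.append(f"not quarantined ({d['action']}): {d['target']}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_log(SAMPLE)):
        print(note)
```
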
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    rnordeman,
    ------------------------------------------------------------
    Java Issue
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it,
    Download and Install the latest versions of Java Runtime Environment
    from here :
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install them to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the links for your Platform, both jre-8u20-windows-i586.exe and jre-8u20-windows-x64.exe
    Click them one at a time, download each and save them to your desktop.
    Then double-click each on your desktop, and they will install the newest versions of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer(s) from your desktop.
    (I don't have any Java on my system).

    -------------------------------------------------------------
    Download MyDefrag from here and Install it : http://www.mydefrag.com/
    (The download button is on the left).
    After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
    (Click System Disk Monthly and then check C: drive, click Run)
    Wait for it. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
    Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
    It will finish quite a bit faster in the ensuing runs.

    Tell me how it's running.
    askey127
     
  11. rnordeman

    rnordeman Thread Starter

    Joined:
    Jul 9, 2013
    Messages:
    59
    Seems to be running somewhat better. I'm going to use it for a while and see how it goes. I do have one additional question though....when I'm typing in an email or a response to you...my cursor jumps around and I end up typing in the middle of words, etc.....Any suggestions on how to troubleshoot that?


    Thank you for your help!
    Rosemary
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,720
    rnordeman,
    Don't know what is making the cursor jump. We have taken care of most of the basic settings.
    Let's check RAM for any possible defects.
    -----------------------------------------------------------
    Run Windows 7 Memory Diagnostic
    I would suggest printing out these instructions before you begin, since you will not have access during this test.

    Start your machine and tap the F8 key as it boots up.
    From the black screen Menu, choose Repair Your Computer at the top.
    Choose the keyboard type/country
    Enter your usual Username and Password
    Click on Windows Memory Diagnostic
    Click on Restart Now and Check For Problems
    You can see status while it's running. Wait until it finishes and restarts the machine for you.
    If any issues are found, results will be displayed when you log back in.

    If the memory test looks good, the next suspect would be the graphics card.
    You can open Internet Explorer, go to Tools > Windows Updates and see if there are any optional updates for the graphics card driver.

    askey127
     
Short URL to this thread: https://techguy.org/1136426
