WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

computer freezes [Closed]

Started by ronmad02 , Jul 04 2014 08:04 PM

This topic is locked

38 replies to this topic

#1 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 04 July 2014 - 08:04 PM

my pc keeps freezing when loading ant web site or other programs doesn't really matter what I try to start. It will say not responding. here are the otl scans.

otl.txt

OTL logfile created on: 7/4/2014 9:33:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\emermadaidan SBR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 70.73% Memory free
15.93 Gb Paging File | 13.68 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 538.53 Gb Free Space | 58.48% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.55 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 2487.30 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive I: | 999.61 Mb Total Space | 713.58 Mb Free Space | 71.39% Space Free | Partition Type: FAT
Drive K: | 1397.26 Gb Total Space | 162.99 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Computer Name: EMERMADAIDANSBR | User Name: emermadaidan SBR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\emermadaidan SBR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
PRC - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\WWXXROJ8.6VK\RREV1G23.L7M\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe (Zedge.net)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

========== Modules (No Company Name) ==========

MOD - c:\Users\emermadaidan SBR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnz3rma.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Fitbit Connect) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21F2E698-FFBB-451C-ACCF-09989B21AD75}
IE:64bit: - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope = {21F2E698-FFBB-451C-ACCF-09989B21AD75}
IE - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://matchup.io/players/reneeh [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.fitbit.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {15B994C1-7C81-4213-8036-B570808B47EC}
IE - HKCU\..\SearchScopes\{15B994C1-7C81-4213-8036-B570808B47EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\CEA91451B19F485E8FB4AC583F6AAA13: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...079DF&PC=U079="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\EMERMA~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/26 10:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2013/07/15 13:54:55 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]

[2013/07/10 22:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Extensions
[2014/04/08 08:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\extensions
[2013/12/28 13:39:18 | 000,002,273 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\searchplugins\bingp.xml
[2014/03/07 21:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/07 21:02:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 04:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [ShopAtHomeUpdater] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [Google+ Auto Backup] "C:\Users\emermadaidan SBR\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart File not found
O4 - HKCU..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
O4 - HKCU..\Run: [ZedgeToneSync] C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\Data\GB3Q3249.1TO\B49LW16T.Z52\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: dealerconnection.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ford.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: installshield.com ([updates] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0957B116-D472-4D15-8F0C-3388D2620D49}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/07/04 21:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/15 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\Desktop\SHOPKICK BARCODES
[2014/06/15 22:34:05 | 000,000,000 | R--D | C] -- C:\Users\emermadaidan SBR\Dropbox
[2014/06/15 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\DropboxMaster
[2014/06/15 22:32:41 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/06/15 22:30:54 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox
[2014/06/12 05:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/06/10 21:30:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/10 21:30:16 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/10 21:30:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/10 21:30:13 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/10 21:30:11 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/10 21:30:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/10 21:30:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/10 21:30:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/10 21:30:08 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/10 21:30:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/10 21:30:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/10 21:30:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/10 21:30:07 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/10 21:30:07 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/10 21:30:07 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/10 21:30:06 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/10 21:30:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/10 21:30:05 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/10 21:30:05 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/10 21:30:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/10 21:30:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/10 21:30:04 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/10 21:30:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/10 21:30:03 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/10 21:30:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/10 21:30:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/10 21:30:02 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/10 21:30:02 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/10 21:30:02 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/10 21:30:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/10 21:30:01 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/10 21:30:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 21:30:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/10 21:29:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/10 21:29:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files - Modified Within 30 Days ==========

[2014/07/04 21:38:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/04 21:28:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/07/04 07:31:59 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForemermadaidan SBR.job
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/29 02:31:54 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/29 02:31:54 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 18:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/28 18:12:06 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/19 15:31:27 | 000,012,288 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/19 15:31:27 | 000,003,702 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2014/06/15 22:34:05 | 000,001,061 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/06/08 05:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 05:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014/06/19 15:25:53 | 000,012,288 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/15 22:34:05 | 000,001,061 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/06/07 20:08:24 | 002,484,476 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\IMG_3862.JPG
[2014/06/07 20:08:24 | 002,477,251 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\IMG_3860.JPG
[2014/06/07 20:08:24 | 002,279,104 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\IMG_3859.JPG
[2014/06/07 20:08:24 | 002,263,709 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\IMG_3861.JPG
[2014/05/08 23:55:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/05/08 23:55:51 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/27 17:04:17 | 000,011,776 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/21 00:08:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/19 13:13:10 | 000,003,702 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2013/07/13 09:06:54 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/20 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\ACD Systems
[2014/01/24 01:21:30 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\Catalina – Print Savings
[2013/12/19 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\chc
[2013/07/22 14:43:09 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/29 15:44:11 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\com.erclab.air.phototransferapp
[2013/07/27 08:13:21 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\com.ludens.RepperPro
[2014/07/04 00:00:47 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox
[2014/07/04 00:00:46 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\DropboxMaster
[2014/04/12 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\Garmin
[2013/08/27 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\Jobulator
[2013/07/10 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\PictureMover
[2014/04/28 10:50:23 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome
[2013/07/22 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/05/09 00:45:13 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\SumatraPDF
[2013/07/19 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\emermadaidan SBR\AppData\Roaming\Template

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/13 22:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2009/10/06 02:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 02:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 02:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 01:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2014/07/04 00:00:48 | 000,174,376 | ---- | M] () MD5=D07133ECCA57EB40FBA1E4241D9DB44D -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2013/03/04 00:49:09 | 000,672,928 | ---- | M] (Microsoft Corporation) MD5=050A612C1CE0C7095CAD64EA32C570DB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_1a42c5438bf82907\iexplore.exe
[2014/03/07 21:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2013/11/19 04:03:06 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2013/07/26 02:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013/08/10 02:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2013/07/11 08:15:58 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013/08/10 02:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/08/10 00:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/10/12 17:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2014/03/01 18:02:17 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=3A3BEA53F039CE2E997A918E26E30B1D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe
[2013/10/12 05:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2014/02/06 18:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation) MD5=4263F6C131E513CEA1AE82B5B81A4E1A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe
[2013/08/10 01:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2014/06/02 02:03:18 | 000,810,200 | ---- | M] (Microsoft Corporation) MD5=4F2AA3E7BD7257E4937E071E3700819E -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/06/02 02:03:18 | 000,810,200 | ---- | M] (Microsoft Corporation) MD5=4F2AA3E7BD7257E4937E071E3700819E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_7b2e0ea1c2bb6f8c\iexplore.exe
[2013/03/02 01:06:58 | 000,672,912 | ---- | M] (Microsoft Corporation) MD5=58D926F3B2113BF849162C9C26FE21DC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_19d1c74872c7a039\iexplore.exe
[2014/06/02 00:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/06/02 00:43:13 | 000,812,248 | ---- | M] (Microsoft Corporation) MD5=60F88F6CA6303E8273AF7AAA9AAFECAC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_8582b8f3f71c3187\iexplore.exe
[2013/07/25 23:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2014/03/01 18:33:45 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=84BCBFB752B96543307E6602E669A95A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_7b033ef3c2db6204\iexplore.exe
[2010/11/20 09:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/07/26 01:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013/07/11 08:15:56 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013/10/12 03:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/03/02 01:50:08 | 000,696,480 | ---- | M] (Microsoft Corporation) MD5=AFB0FE34A9B7F1B7A70276B9C1A78114 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17267_none_0f7d1cf63e66de3e\iexplore.exe
[2013/07/10 22:44:24 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=AFF2C99AD2C599108B6BD9E77C24B463 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_0d0dec99809dccc9\iexplore.exe
[2013/03/04 01:42:51 | 000,696,464 | ---- | M] (Microsoft Corporation) MD5=B1B17B56E0F9AE84A1F75E757217154E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21484_none_0fee1af15797670c\iexplore.exe
[2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/02/06 18:55:10 | 000,806,104 | ---- | M] (Microsoft Corporation) MD5=C6E1178294BDEAB1CACF50427688DF05 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_7b019f31c2dcfc14\iexplore.exe
[2013/11/19 04:03:08 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2013/09/22 19:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/10/12 03:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2013/09/22 20:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/07/26 01:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/22 21:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2014/03/07 22:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2013/07/10 22:44:25 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16496_none_176296ebb4fe8ec4\iexplore.exe
[2009/07/13 21:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2013/09/22 21:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2013/11/19 04:03:08 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/19 04:03:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/19 04:03:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/19 04:03:08 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2013/07/10 22:44:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/07/10 22:44:25 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/07/11 08:15:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/07/11 08:15:58 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 22:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 22:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-4B6C9213.PF >
[2014/07/04 21:27:43 | 000,367,642 | ---- | M] () MD5=E768F848902022EC48255B30A3FD7D4B -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2014/07/04 21:17:39 | 000,147,878 | ---- | M] () MD5=422922EF279AC00AD5FAC71903053FD2 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2012/11/21 01:09:36 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=456C45B1A2ECE8814987C4A4EA786413 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip
[2012/11/21 00:37:22 | 000,382,616 | ---- | M] (Adobe Systems Incorporated) MD5=87ACA12B41F894A8CAFD264A1FC9D1F0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2014/05/08 07:22:22 | 000,002,704 | ---- | M] () MD5=035013E7F79BADD1F10795E724F03257 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2014/05/08 07:22:20 | 000,002,675 | ---- | M] () MD5=7049E9BE957E8F4F4385F705C7F7CCD3 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2014/05/08 09:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2014/05/08 07:22:20 | 000,559,489 | ---- | M] () MD5=E829329E4886E9A3540C62114FC8E145 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2014/03/28 22:30:36 | 000,000,313 | ---- | M] () MD5=564809C9EE555F612B3B7526A3E8E3C2 -- C:\Users\emermadaidan SBR\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6LEYQUWT\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2009/07/13 22:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014/03/04 07:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 09:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 09:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-B020DC41.PF >
[2014/07/03 23:04:06 | 000,033,902 | ---- | M] () MD5=F806D156C5E175036C4F79375716E1C1 -- C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

< MD5 for: WINLOGON.MFL >
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2014/06/28 18:12:06 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 03:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2014/06/28 18:12:07 | 4258,455,551 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 16:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 38F7-E988
Directory of C:\
07/14/2009 01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
07/14/2009 01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\emermadaidan SBR
07/10/2013 09:39 PM    <JUNCTION>     Application Data [C:\Users\emermadaidan SBR\AppData\Roaming]
07/10/2013 09:39 PM    <JUNCTION>     Cookies [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Cookies]
07/10/2013 09:39 PM    <JUNCTION>     Local Settings [C:\Users\emermadaidan SBR\AppData\Local]
07/10/2013 09:39 PM    <JUNCTION>     My Documents [C:\Users\emermadaidan SBR\Documents]
07/10/2013 09:39 PM    <JUNCTION>     NetHood [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/10/2013 09:39 PM    <JUNCTION>     PrintHood [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/10/2013 09:39 PM    <JUNCTION>     Recent [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Recent]
07/10/2013 09:39 PM    <JUNCTION>     SendTo [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\SendTo]
07/10/2013 09:39 PM    <JUNCTION>     Start Menu [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu]
07/10/2013 09:39 PM    <JUNCTION>     Templates [C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\emermadaidan SBR\AppData\Local
07/10/2013 09:39 PM    <JUNCTION>     Application Data [C:\Users\emermadaidan SBR\AppData\Local]
07/10/2013 09:39 PM    <JUNCTION>     History [C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\History]
07/10/2013 09:39 PM    <JUNCTION>     Temporary Internet Files [C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\emermadaidan SBR\AppData\LocalLow
08/17/2013 08:27 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
Directory of C:\Users\emermadaidan SBR\Documents
07/10/2013 09:39 PM    <JUNCTION>     My Music [C:\Users\emermadaidan SBR\Music]
07/10/2013 09:39 PM    <JUNCTION>     My Pictures [C:\Users\emermadaidan SBR\Pictures]
07/10/2013 09:39 PM    <JUNCTION>     My Videos [C:\Users\emermadaidan SBR\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              51 Dir(s) 578,114,564,096 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/10 23:58:27 | 000,000,221 | -HS- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2014/07/04 21:28:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

extra.txt

OTL Extras logfile created on: 7/4/2014 9:33:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\emermadaidan SBR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 70.73% Memory free
15.93 Gb Paging File | 13.68 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 538.53 Gb Free Space | 58.48% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.55 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 2487.30 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive I: | 999.61 Mb Total Space | 713.58 Mb Free Space | 71.39% Space Free | Partition Type: FAT
Drive K: | 1397.26 Gb Total Space | 162.99 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Computer Name: EMERMADAIDANSBR | User Name: emermadaidan SBR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CF43153-BD30-4628-88B2-E2ECC5CA13B3}" = lport=33300 | protocol=6 | dir=in | name=printerprodesktop |
"{0EB867B9-F0BE-46AB-A5D3-BD8596DEEEA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19C1D024-1F06-4581-AA64-36CEE84B071C}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F650E1E-BEF2-4724-8608-965568726970}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32010D36-6E63-4F20-A6EC-D9E84499BC03}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{338BD765-043A-478A-B020-FBD592D7911F}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F81DE1C-260B-4B07-BB17-63DA4B79ADA8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |
"{56B2BCE3-C04D-4476-AA01-89E0510F0F30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B27FD3D-D1D5-44B4-B8F6-DB0B0A3A5866}" = rport=137 | protocol=17 | dir=out | app=system |
"{8A45D6DC-E0AE-404B-8AE2-2ADD21A63AA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E6934D9-378C-4052-91F4-4F4527A4B45D}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F85D2E6-A0D4-45E2-8EBF-6D94A88450ED}" = lport=139 | protocol=6 | dir=in | app=system |
"{948D6376-C28F-4A7D-89A9-36FB85F2C195}" = lport=445 | protocol=6 | dir=in | app=system |
"{94F25A42-F205-4E7D-B04E-45CC722A2815}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C1B37C0-3553-415B-9103-F332A9410F43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A03B3B04-F81F-45F2-8532-59018098EC71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A300F665-6CCC-4D09-9EDD-99F887D37BF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9ED969B-C645-4B08-BA60-B9D88D4EAFC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3C1FD08-462D-4228-817A-46AE09BC4277}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C3EDD0F7-6A91-452C-8EB0-E8B8D3091629}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1BE432A-4B3E-469B-8B38-58ABC3C281CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DBFFFB31-736A-4D33-A069-8D96D56D4BB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB32C944-60E2-4A75-B9E6-C25763CCB0CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F111ACE0-6629-4B1F-816D-D6025DD873EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F3067CCC-29C4-4326-8961-5937C99D0015}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE289F61-6449-42F5-9C18-921D8349C03B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF8B0511-116F-496B-9136-348A9083B281}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07AA29FC-167E-4CA4-B427-A71EDEA6E6A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{080BFD4F-5C72-4E02-9655-F113C092FD04}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{10C7C0F4-1D95-4F3D-B3E5-2758CE3D7D3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10E21924-E9CC-4C0B-A91B-8862DC39D51C}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicatorcom.exe |
"{1D37F126-E89C-41E2-BD87-EA532AB310AE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{1EAE918D-A049-46B9-8687-5FD248C852C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{211749AF-3FF7-48FB-8107-AFADA1EEF72B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B143F17-849F-4C54-BD66-45E0605AAC98}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{2F4E5E0C-040D-4FC1-95FC-B0CBEEAE923A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{2F912F3C-FFA3-4D92-873E-1FFD999B9468}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31D2CF65-8590-4C48-BE9D-FD3D94F25920}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{33FEAEC7-2C0B-4B93-9E6E-C37D7D8685B5}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\digitalwizards.exe |
"{372D5875-3B6B-4179-809F-A3D7EFB51CF8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40A002C1-D9ED-416D-B216-7C98FD54758A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B11CDA6-198F-402B-B2BA-E34FD9F8F889}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\sendafax.exe |
"{59BDB081-D239-43A4-9BFD-CEE66929822F}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\hpnetworkcommunicator.exe |
"{606EDFC1-54E4-4027-950B-C4EDC491F741}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6178B5C9-301E-4089-912F-C6E86D2307F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{63B4EAF8-31BD-42AF-87A3-9B8774ECEB73}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{68B4E572-28D8-49DA-9A91-F4B33A9B9F48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7025BE7D-3137-4E19-874E-034F8DDB5B2A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A0B32D7-0E7A-43D6-8C24-4065E3215928}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7E399E71-D7BB-48C2-826D-E145A86A8C3E}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\devicesetup.exe |
"{7E6A5978-5151-4C64-9016-9FF1D250278D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7F34C847-6499-4386-BC26-C3AF3971A94D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |
"{861044D8-63D5-4A82-90DD-3A46D2772B77}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{898275A2-522A-4937-B2AE-7CC2DB64DDED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B9C7ACB-F40A-4615-AA5D-36B096946FD5}" = protocol=6 | dir=in | app=c:\users\emermadaidan sbr\appdata\roaming\dropbox\bin\dropbox.exe |
"{8EF06F70-6E2E-4006-AF2F-22D9FA2A6464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98B88FE6-C407-455F-BB8C-9CD662FAD893}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{9B25FCC6-AC10-4639-BD45-4DD50F7CF909}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A10C3894-3F0A-42E9-B75B-771DC1EF5A4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8558BF2-ABDF-4C25-BEFE-E009B1D92F59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"{AC0593E5-7591-4B26-A54B-4B40C2A77A64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD814F1F-1D68-4587-A441-B8658BBA9BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B5499836-541A-4257-97AF-A12C9C417D45}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B8FA346B-B5E9-4F33-A497-BF8883A84FCB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{BC69A7D2-A8D4-4505-BB4D-E5338E92268B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BF07B227-A871-408F-B7A1-040A3B75BF42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C904700A-4C69-489E-8FD0-2CF5E7DA34AC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{CC298314-1ADB-44D1-A99E-22A6589A8284}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCA1519B-AB55-4FAC-9493-3DCCF3A13913}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D3AE420C-B768-4119-9007-845D138C06A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D4A3766C-5CEB-4B65-AAFC-1D99B5D98156}" = protocol=6 | dir=out | app=system |
"{D7173C77-CD4B-46D0-80E0-78F604F66044}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{DC4A5F7A-F2E3-4965-87E0-01F560D972D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{DE91092F-5C9E-4105-9B70-2EC1BC72DE84}" = dir=in | app=c:\program files\hp\hp photosmart 7520 series\bin\faxapplications.exe |
"{DFC59299-2D64-4E53-89BD-F4B47A1709F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{E9C66DA2-FD41-45E3-BAEA-19DA8A048D08}" = protocol=17 | dir=in | app=c:\users\emermadaidan sbr\appdata\roaming\dropbox\bin\dropbox.exe |
"{F685B3B2-0B56-4B51-9F78-7AF97219280D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F742B87C-00AF-4581-9281-DF13649C8767}" = protocol=6 | dir=in | app=c:\program files (x86)\printer pro desktop\printerprodesktop.exe |
"{F7C47527-78F8-444B-81B4-F5DE57604B23}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8E17F45-ABDF-4490-9312-34D4511442D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FC37E6B7-6F0B-4FF5-9354-8C419DB3B677}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |
"TCP Query User{5A42C332-9A88-4493-BCD9-F6E1E1FDC3A7}C:\program files (x86)\airprint\airprint.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airprint\airprint.exe |
"TCP Query User{F613941D-7EC4-488C-A4C8-153C40B6764C}C:\users\emermadaidan sbr\appdata\local\temp\rar$exa0.351\airprint.exe" = protocol=6 | dir=in | app=c:\users\emermadaidan sbr\appdata\local\temp\rar$exa0.351\airprint.exe |
"UDP Query User{1552F1D9-889F-4E0B-8D05-E5C53F040706}C:\users\emermadaidan sbr\appdata\local\temp\rar$exa0.351\airprint.exe" = protocol=17 | dir=in | app=c:\users\emermadaidan sbr\appdata\local\temp\rar$exa0.351\airprint.exe |
"UDP Query User{4DCAD3F0-913A-47FE-A11A-CD87089B2355}C:\program files (x86)\airprint\airprint.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airprint\airprint.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{1A72EC9A-8D86-4E32-86DF-FEF901B821FE}" = ANT Drivers Installer x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{27ABA988-D480-4F44-B0FD-45E5656D2CFE}" = HP Photosmart 7520 series Basic Device Software
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02160E66-3A64-4047-8E88-D2B5D43A0575}" = Garmin Express
"{0327A4BF-62BF-48BB-8928-B971B749E9E1}" = Adobe Creative Suite 6 Design Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{123D4082-3194-4191-9139-067E9157C2B2}" = Print@Home
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2B460966-D9B9-4365-87E5-C55E2720A8DB}" = Garmin Express Tray
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{32D39568-3B77-11E3-88CE-00163E98E7D0}" = Evernote v. 5.0.3
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}" = Garmin Express
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}" = Fitbit Connect
"{6F32C067-9C89-938F-FF0F-9E2DC02956AE}" = Repper Pro
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77D0B84F-384D-4AE6-72D1-75EAA11A53D3}" = Jobulator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E44D023-7032-5F3C-C14B-833915E11A4A}" = Adobe® Content Viewer
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADBF2C6-CF3B-40DC-9939-E0FF3C74F193}" = TransferBigFiles Desktop Client
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5122AC8-C885-3E48-1831-0A4E988226B0}" = Photo Transfer App
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEA1CC63-5A71-4014-9816-40750C4F4823}" = Elevated Installer
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.erclab.air.phototransferapp" = Photo Transfer App
"com.ludens.RepperPro" = Repper Pro
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"CouponBar5.0.0.4" = CouponBar
"Debut" = Debut Video Capture Software
"ExpressBurn" = Express Burn
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Jobulator" = Jobulator
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"Picasa 3" = Picasa 3
"PrinterProDesktop" = Printer Pro Desktop
"ShopAtHome.com Helper" = ShopAtHome.com Helper
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"VideoPad" = VideoPad Video Editor
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c2c9648a374f64d1" = ToneSync for Windows
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 6/21/2014 1:07:06 PM | Computer Name = emermadaidanSBR | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

[ HP Software Framework Events ]
Error - 3/4/2014 8:57:17 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/03/04 19:57:17.012|000006E4|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 3/4/2014 8:57:23 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/03/04 19:57:23.501|000006E4|Error      |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
executing wmiBIOS.ExecMethodClient, eRetCode: 597

Error - 3/4/2014 8:57:27 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/03/04 19:57:27.573|000006E4|Error      |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
executing wmiBIOS.ExecMethodClient, eRetCode: 597

Error - 4/5/2014 4:50:37 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/04/05 16:50:37.654|000046FC|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

Error - 4/5/2014 4:50:44 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/04/05 16:50:44.112|000046FC|Error      |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
executing wmiBIOS.ExecMethodClient, eRetCode: 597

Error - 5/5/2014 5:34:31 PM | Computer Name = emermadaidanSBR | Source = CaslSmBios | ID = 5
Description = 2014/05/05 17:34:30.742|000016F0|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state

[ System Events ]
Error - 7/2/2014 3:05:26 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/2/2014 3:05:26 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/2/2014 3:05:26 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/2/2014 5:26:14 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 7/2/2014 5:26:14 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 252.

Error - 7/2/2014 9:22:43 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/2/2014 9:22:43 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/2/2014 9:22:43 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 7/2/2014 9:22:43 PM | Computer Name = emermadaidanSBR | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 7/4/2014 12:00:44 AM | Computer Name = emermadaidanSBR | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

< End of report >

Ronmad02

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 06 July 2014 - 11:40 AM

Hi ronmad02,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Please download AdwCleaner by Xplode and save to your Desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files are saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
AdwCleaner[R0].txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 07 July 2014 - 05:45 AM

Thanks OCD for the help. Here is the security check scan and the aswmbr scans the adwcleaner is taking forever so I will post it after work. I have also attached the mbr file.

thanks

ronmad02

checkup.txt

Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

aswmbr.txt

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-06 23:47:51
-----------------------------
23:47:51.119    OS Version: Windows x64 6.1.7601 Service Pack 1
23:47:51.119    Number of processors: 4 586 0x170A
23:47:51.119    ComputerName: EMERMADAIDANSBR UserName:
23:47:53.412    Initialize success
23:47:53.475    VM: initialized successfully
23:47:53.584    VM: Intel CPU BiosDisabled
23:48:01.823    VM: supported disk I/O ataport.SYS
23:51:19.413    AVAST engine defs: 14070601
23:52:06.228    Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-2
23:52:06.228    Disk 0 Vendor: ST3000DM001-9YN166 CC46 Size: 2861588MB BusType: 3
23:52:06.228    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
23:52:06.228    Disk 1 Vendor: WDC_WD10EADS-65M2B0 01.00A01 Size: 953869MB BusType: 3
23:52:06.338    Disk 1 MBR read successfully
23:52:06.338    Disk 1 MBR scan
23:52:06.400    Disk 1 unknown MBR code
23:52:06.400    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:52:06.400    Disk 1 default boot code
23:52:06.431    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       942905 MB offset 206848
23:52:06.494    Disk 1 Partition 3 00     07    HPFS/NTFS NTFS        10862 MB offset 1931276288
23:52:06.603    Disk 1 scanning C:\Windows\system32\drivers
23:52:20.128    Service scanning
23:52:47.974    Modules scanning
23:52:47.974    Disk 1 trace - called modules:
23:52:47.990    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
23:52:48.005    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80077ab060]
23:52:48.005    3 CLASSPNP.SYS[fffff8800198143f] -> nt!IofCallDriver -> [0xfffffa800719b580]
23:52:48.005    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800719d060]
23:52:50.174    AVAST engine scan C:\Windows
23:52:53.543    AVAST engine scan C:\Windows\system32
00:03:00.634    AVAST engine scan C:\Windows\system32\drivers
00:03:17.903    AVAST engine scan C:\Users\emermadaidan SBR
00:40:16.355    AVAST engine scan C:\ProgramData
00:47:25.810    Scan finished successfully
07:04:52.073    Disk 1 MBR has been saved successfully to "C:\Users\emermadaidan SBR\Desktop\MBR.dat"
07:04:52.136    The log file has been saved successfully to "C:\Users\emermadaidan SBR\Desktop\aswMBR.txt"

thanks again .

Attached Files

MBR.zip 526bytes 172 downloads

Ronmad02

#4 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 07 July 2014 - 04:17 PM

ok here is the other log you wanted..

Thanks

# AdwCleaner v3.214 - Report created 07/07/2014 at 07:10:54
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : emermadaidan SBR - EMERMADAIDANSBR
# Running from : C:\Users\emermadaidan SBR\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\searchplugins\bingp.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\emermadaidan SBR\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\emermadaidan SBR\AppData\Roaming\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [9372 octets] - [07/07/2014 07:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9432 octets] ##########

Ronmad02

#5 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 07 July 2014 - 04:19 PM

duplicate log....

Edited by ronmad02, 07 July 2014 - 04:37 PM.

Ronmad02

#6 OCD

SuperHelper

Malware Team
5,574 posts

Posted 09 July 2014 - 03:20 AM

Hi ronmad02,

Re- run AdwCleaner

It should be on your desktop

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run OTL (it should be located on your desktop).

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

AdwCleaner[S0].txt
OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#7 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 09 July 2014 - 07:31 PM

ok did what you asked here are the scans.

otl.txt

OTL logfile created on: 7/9/2014 7:28:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emermadaidan SBR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.28% Memory free
15.93 Gb Paging File | 13.97 Gb Available in Paging File | 87.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 533.76 Gb Free Space | 57.97% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.55 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 2487.30 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 163.04 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Computer Name: EMERMADAIDANSBR | User Name: emermadaidan SBR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\emermadaidan SBR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
PRC - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\WWXXROJ8.6VK\RREV1G23.L7M\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe (Zedge.net)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\uvnc bvba\UltraVnc\winvnc.exe (UltraVNC)
PRC - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

========== Modules (No Company Name) ==========

MOD - c:\Users\emermadaidan SBR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi5kmjj.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Fitbit Connect) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (uvnc_service) -- C:\Program Files (x86)\uvnc bvba\UltraVnc\winvnc.exe (UltraVNC)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - ({6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys (StdLib)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21F2E698-FFBB-451C-ACCF-09989B21AD75}
IE:64bit: - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://matchup.io/players/reneeh [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.fitbit.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{15B994C1-7C81-4213-8036-B570808B47EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\CEA91451B19F485E8FB4AC583F6AAA13: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\EMERMA~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/26 10:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2013/07/15 13:54:55 | 000,185,164 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]

[2013/07/10 22:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Extensions
[2014/07/08 08:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\extensions
[2014/03/07 21:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/07 21:02:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 04:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [ShopAtHomeUpdater] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [Google+ Auto Backup] "C:\Users\emermadaidan SBR\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart File not found
O4 - HKCU..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
O4 - HKCU..\Run: [ZedgeToneSync] C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\Data\GB3Q3249.1TO\B49LW16T.Z52\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: dealerconnection.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ford.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: installshield.com ([updates] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0957B116-D472-4D15-8F0C-3388D2620D49}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/07 19:33:19 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
[2014/07/07 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\UltraVNC
[2014/07/07 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/07/07 07:10:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/06 23:39:04 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/15 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\Desktop\SHOPKICK BARCODES
[2014/06/15 22:34:05 | 000,000,000 | R--D | C] -- C:\Users\emermadaidan SBR\Dropbox
[2014/06/15 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\DropboxMaster
[2014/06/15 22:32:41 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/06/15 22:30:54 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox
[2014/06/12 05:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/06/10 21:30:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/10 21:30:16 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/10 21:30:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/10 21:30:13 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/10 21:30:11 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/10 21:30:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/10 21:30:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/10 21:30:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/10 21:30:08 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/10 21:30:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/10 21:30:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/10 21:30:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/10 21:30:07 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/10 21:30:07 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/10 21:30:07 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/10 21:30:06 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/10 21:30:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/10 21:30:05 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/10 21:30:05 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/10 21:30:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/10 21:30:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/10 21:30:04 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/10 21:30:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/10 21:30:03 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/10 21:30:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/10 21:30:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/10 21:30:02 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/10 21:30:02 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/10 21:30:02 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/10 21:30:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/10 21:30:01 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/10 21:30:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 21:30:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/10 21:29:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/10 21:29:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files - Modified Within 30 Days ==========

[2014/07/09 19:34:24 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForemermadaidan SBR.job
[2014/07/09 19:26:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/09 19:26:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/09 19:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/09 19:19:15 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/09 19:16:44 | 001,348,263 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/09 18:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/09 13:38:19 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 13:38:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/08 18:12:16 | 000,004,168 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2014/07/08 14:45:35 | 000,010,752 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/07 11:36:38 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
[2014/07/07 07:11:58 | 000,000,526 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\MBR.zip
[2014/07/07 07:04:52 | 000,000,512 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\MBR.dat
[2014/07/06 23:39:19 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/06 23:38:44 | 000,854,390 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/19 15:31:27 | 000,012,288 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/15 22:34:05 | 000,001,061 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk

========== Files Created - No Company Name ==========

[2014/07/09 19:16:37 | 001,348,263 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/08 14:45:35 | 000,010,752 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/07 18:31:34 | 000,003,103 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVnc Server Settings.lnk
[2014/07/07 18:31:34 | 000,003,085 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Server.lnk
[2014/07/07 18:31:34 | 000,003,053 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Viewer.lnk
[2014/07/07 18:31:34 | 000,002,092 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Folder.lnk
[2014/07/07 07:11:58 | 000,000,526 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\MBR.zip
[2014/07/07 07:04:52 | 000,000,512 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\MBR.dat
[2014/07/06 23:38:44 | 000,854,390 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/06/19 15:25:53 | 000,012,288 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/15 22:34:05 | 000,001,061 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/05/08 23:55:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/05/08 23:55:51 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/27 17:04:17 | 000,011,776 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/21 00:08:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/19 13:13:10 | 000,004,168 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2013/07/13 09:06:54 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

adwcleaner[s0].txt

# AdwCleaner v3.215 - Report created 09/07/2014 at 19:17:47
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : emermadaidan SBR - EMERMADAIDANSBR
# Running from : C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\EMERMA~1\AppData\Local\Temp\NetCrawl
Folder Deleted : C:\Users\emermadaidan SBR\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\emermadaidan SBR\AppData\Roaming\NCH Software
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\searchplugins\bingp.xml
File Deleted : C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8660E5B3-6C41-44DE-8503-98D99BBECD41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8660E5B3-6C41-44DE-8503-98D99BBECD41}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [9592 octets] - [07/07/2014 07:10:54]
AdwCleaner[R1].txt - [10907 octets] - [09/07/2014 19:17:18]
AdwCleaner[S0].txt - [10109 octets] - [09/07/2014 19:17:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10170 octets] ##########

thanks

Ronmad02

#8 OCD

SuperHelper

Malware Team
5,574 posts

Posted 09 July 2014 - 08:26 PM

Hi ronmad02,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

ShopAtHome.com Helper
ShopAtHome.com Toolbar

=========================

Clear Browser Cache in IE9

Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button , and then expand theSafety menu, then select Delete browsing history.
Select the check box next to each of the following categories.
- Temporary Internet files and website files
- History
Click Delete

=========================

Run OTL.exe

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
IE:64bit: - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
IE - HKLM\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2013/07/15 13:54:55 | 000,185,164 | ---- | M] ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4 - HKLM..\Run: [ShopAtHomeUpdater] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: dealerconnection.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ford.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: installshield.com ([updates] http in Trusted sites)

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

=========================

In your next post please provide the following:

OTL fix log
Fresh OTL.txt
How is the computer running at the moment, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#9 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 09 July 2014 - 11:27 PM

ok here are the fix logs and the new scan.

Computer seems to run better but at times my hard drive light stays on and then the computer slows way down.when I open any program it will say not responding and if I wait it will catch up and start to run fine for a while my internet seems to run a lot better. I can let you know more tomorrow after I have some time on it.

Fix log

All processes killed
========== OTL ==========
No active process named ShopAtHomeWatcher.exe was found!
No active process named ShopAtHomeUpdater.exe was found!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75A173AC-EBC0-4BC6-A8AF-03EBC2A94E26}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\ not found.
File C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2013/07/15 13:54:55 | 000,185,164 | ---- | M] not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ not found.
C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ not found.
File C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeUpdater deleted successfully.
File C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher deleted successfully.
File C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dealerconnection.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ford.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\installshield.com\updates\ deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: emermadaidan SBR
->Temp folder emptied: 1006411499 bytes
->Temporary Internet Files folder emptied: 81379830 bytes
->Java cache emptied: 33947094 bytes
->FireFox cache emptied: 58322096 bytes
->Flash cache emptied: 155523 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 540711140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42305994 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,682.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07102014_010028

Files\Folders moved on Reboot...
C:\Users\emermadaidan SBR\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAPGZ6D not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAPMVFQ not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAS5FOO not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAASFAT9 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAWV63J not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAWXFO1 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAAYLDDO not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAB13SM2 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAB3009S not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAF0WG18 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAF6OHU5 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAF7A1IV not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFAMPRD not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFCQS09 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFD5LKI not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFFI8NR not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFGCJ3M not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFGJ7R5 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFRCUAX not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFUNKRY not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFVMYL2 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFW9PXR not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAFWG3AR not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG00M66 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG0EPEJ not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG2DQS9 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG46AB0 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG5YAI8 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG94UY6 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAG9LZ4O not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGAJA0Y not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGAWHRG not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGCE2MQ not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGCNBN9 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGD7F2H not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGJ1NU0 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGJ4ZRC not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGJDAHB not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGJSGRD not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGR5X88 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGTUU6C not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAGW0IUX not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAH28GF9 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAH4XDO8 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\CAH6UTS5 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\EL5RIO6W not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\ELMU33EB not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\ELV0RSQE not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\EMJ3EGAO not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\EO66D4OG not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\EOI4WTFP not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\ESGND9NB not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\F01D3EH0 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\F5T9RFJ5 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\F98LVOQH not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\F9Y1WAQM not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[1].gif not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[1].htm not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[1].jpg not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[1].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[2].gif not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[2].htm not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[2].jpg not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[2].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[3].gif not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[3].htm not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[3].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[4].gif not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[4].htm not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[4].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[5].htm not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[5].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[6].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[7].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[8].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\favicon[9].png not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\FD9R19V8 not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\FGFRTVRX not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk22C0.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk231A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2343.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2384.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk23F3.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk243A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2458.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2522.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2546.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk256C.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk25A2.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk25CA.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk25ED.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk25F2.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk25F4.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2641.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk26E6.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2702.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk272E.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2732.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2742.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2768.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2799.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2801.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2899.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk28AA.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk28B.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk28C4.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk28C9.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2900.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2937.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk2950.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk29CD.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk29DB.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk751A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk754F.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk755.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk75A7.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk764C.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7677.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7686.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk76A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk76A3.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7711.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk77B.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk77DA.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk77E6.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7802.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7827.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk785C.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7879.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7908.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7942.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk797.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk798D.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7996.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7A70.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7ABD.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7AC1.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7ADB.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7AF0.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7AF5.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7BEB.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7BEC.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7CC1.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7CEB.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7D1D.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbk7D26.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC695.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC697.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC6AF.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC6C.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC6D7.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC6F6.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC6FC.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC77.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC7DB.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC7E3.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC81D.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC860.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC8E4.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC9A8.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkC9B9.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA0.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA14.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA2A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA59.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA82.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCA86.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCB9A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCC0D.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCC36.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCC7A.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCCE.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCCFA.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCD0F.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCD59.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCD65.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCD68.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCE13.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCE5.tmp not found!
File\Folder C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7P3PRCJ\wbkCEB0.tmp not found!
C:\Users\emermadaidan SBR\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

fresh otl.txt

OTL logfile created on: 7/10/2014 1:10:30 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emermadaidan SBR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 68.35% Memory free
15.93 Gb Paging File | 13.44 Gb Available in Paging File | 84.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 537.20 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.55 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive F: | 2794.39 Gb Total Space | 2487.30 Gb Free Space | 89.01% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 163.04 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Computer Name: EMERMADAIDANSBR | User Name: emermadaidan SBR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\emermadaidan SBR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\WWXXROJ8.6VK\RREV1G23.L7M\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe (Zedge.net)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\uvnc bvba\UltraVnc\winvnc.exe (UltraVNC)
PRC - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

========== Modules (No Company Name) ==========

MOD - c:\Users\emermadaidan SBR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4bsiz4.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Fitbit Connect) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (uvnc_service) -- C:\Program Files (x86)\uvnc bvba\UltraVnc\winvnc.exe (UltraVNC)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - ({6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys (StdLib)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21F2E698-FFBB-451C-ACCF-09989B21AD75}
IE:64bit: - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://matchup.io/players/reneeh [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.fitbit.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {15B994C1-7C81-4213-8036-B570808B47EC}
IE - HKCU\..\SearchScopes\{15B994C1-7C81-4213-8036-B570808B47EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\CEA91451B19F485E8FB4AC583F6AAA13: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\EMERMA~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/26 10:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/26 10:04:46 | 000,000,000 | ---D | M]

[2013/07/10 22:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Extensions
[2014/07/08 08:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\extensions
[2014/03/07 21:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/07 21:02:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 04:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [Google+ Auto Backup] "C:\Users\emermadaidan SBR\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart File not found
O4 - HKCU..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [PrinterProDesktop] C:\Program Files (x86)\Printer Pro Desktop\PrinterProDesktop.exe ()
O4 - HKCU..\Run: [ZedgeToneSync] C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\Data\GB3Q3249.1TO\B49LW16T.Z52\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0957B116-D472-4D15-8F0C-3388D2620D49}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/10 01:00:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/07 19:33:19 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
[2014/07/07 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\UltraVNC
[2014/07/07 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/07/07 07:10:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/06 23:39:04 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/15 22:52:36 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\Desktop\SHOPKICK BARCODES
[2014/06/15 22:34:05 | 000,000,000 | R--D | C] -- C:\Users\emermadaidan SBR\Dropbox
[2014/06/15 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\DropboxMaster
[2014/06/15 22:32:41 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/06/15 22:30:54 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox
[2014/06/12 05:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/06/10 21:30:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/10 21:30:16 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/10 21:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/10 21:30:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/10 21:30:13 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014/06/10 21:30:11 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/10 21:30:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/10 21:30:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/10 21:30:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/10 21:30:09 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/10 21:30:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/10 21:30:08 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/10 21:30:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/10 21:30:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/10 21:30:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/10 21:30:07 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/10 21:30:07 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/10 21:30:07 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/10 21:30:06 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/10 21:30:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/10 21:30:05 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/10 21:30:05 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/10 21:30:05 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/10 21:30:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/10 21:30:04 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/10 21:30:04 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/10 21:30:03 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/10 21:30:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/10 21:30:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/10 21:30:02 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/10 21:30:02 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/10 21:30:02 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/10 21:30:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/10 21:30:01 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/10 21:30:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 21:30:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/10 21:29:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/10 21:29:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files - Modified Within 30 Days ==========

[2014/07/10 01:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/10 01:05:02 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/10 00:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/09 19:34:24 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForemermadaidan SBR.job
[2014/07/09 19:26:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/09 19:26:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/09 19:16:44 | 001,348,263 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/09 13:38:19 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 13:38:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/08 18:12:16 | 000,004,168 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2014/07/08 14:45:35 | 000,010,752 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/07 11:36:38 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
[2014/07/07 07:11:58 | 000,000,526 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\MBR.zip
[2014/07/07 07:04:52 | 000,000,512 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\MBR.dat
[2014/07/06 23:39:19 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/06 23:38:44 | 000,854,390 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/19 15:31:27 | 000,012,288 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/15 22:34:05 | 000,001,061 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk

========== Files Created - No Company Name ==========

[2014/07/09 19:16:37 | 001,348,263 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/08 14:45:35 | 000,010,752 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/07 18:31:34 | 000,003,103 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVnc Server Settings.lnk
[2014/07/07 18:31:34 | 000,003,085 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Server.lnk
[2014/07/07 18:31:34 | 000,003,053 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Viewer.lnk
[2014/07/07 18:31:34 | 000,002,092 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraVNC Folder.lnk
[2014/07/07 07:11:58 | 000,000,526 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\MBR.zip
[2014/07/07 07:04:52 | 000,000,512 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\MBR.dat
[2014/07/06 23:38:44 | 000,854,390 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/06/19 15:25:53 | 000,012,288 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\TPS letter of resignation.wps
[2014/06/15 22:34:05 | 000,001,061 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\Dropbox.lnk
[2014/06/15 22:33:18 | 000,001,071 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/06/12 05:00:44 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/05/08 23:55:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/05/08 23:55:51 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/27 17:04:17 | 000,011,776 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/21 00:08:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/19 13:13:10 | 000,004,168 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2013/07/13 09:06:54 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Ronmad02

#10 OCD

SuperHelper

Malware Team
5,574 posts

Posted 10 July 2014 - 12:23 AM

Java 7 Update 51
Adobe Flash Player 13.0.0.214

=========================

Update Java

Get the current version of Java (Version 7 Update 60) by going to http://java.com/en/d...d/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

Adobe Flash Player:

Go to http://get.adobe.com...player/?no_ab=1

Remove the check mark from the box "Install Google Drive"
Click the Download button, and follow the onscreen directions to complete the installation.

Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

Update Firefox

In the upper left corner of your monitor screen you will see an orange Firefox button
Click the dropdown menu, slide your mouse cursor over to the Help sub menu.
Wait for the Help menu to expand, then click on About Firefox
A small window will open similar to the one below.

Click on the Update button as shown in the image above.
Allow Mozilla Firefox to update, reboot if instructed to do so.

=========================

Launch the Command Prompt as an Administrator.

Click on the Start menu, then selecting All Programs, and then Accessories.
You will now see a shortcut labeled Command Prompt.
Right-click on it and select Run as administrator as shown below.

When you select Run as administrator a User Account Control prompt will appear asking if you would like to allow the Command Prompt to be able to make changes on your computer.

Click on the Yes button and you will now be at the Elevated Command Prompt as shown below.

Type "ipconfig/flushdns" (without quotes), hit Enter
Close the Command Prompt

=========================

Reboot

=========================

In your next post please provide the following:

Check for any improvement in performance.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Advertisements

Register to Remove

#11 OCD

SuperHelper

Malware Team
5,574 posts

Posted 13 July 2014 - 08:24 AM

Hi ronmad02,

Just checking in to see if you still need help?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#12 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 13 July 2014 - 09:36 PM

I am sorry this weekend was busy. The computer is still acting up. I will post a reply tomorrow after work. Thanks!

Ronmad02

#13 OCD

SuperHelper

Malware Team
5,574 posts

Posted 14 July 2014 - 11:28 AM

:thumbup:

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#14 ronmad02

Authentic Member

Authentic Member
108 posts

Posted 16 July 2014 - 05:37 AM

Ok sorry for the delay been so busy I haven't sat down at the computer. I have done everything you asked. The computer still freezes. I am not sure if its infected or if I have some software issue. What I noticed is that the hard drive light stays on all the time. I can monitor the resource status and the hard drive is at 100 percent most of the time. I just cant tell what's eating up all the resources. When the light is on it runs very slow and freezes when the light goes out computer runs fine till the light comes back on. I have three hard drives on this computer I have unhooked the two back up drives and I have the same issue. I my be going in the wrong direction but this is what I noticed.

Thanks

Ron

Ronmad02

#15 OCD

SuperHelper

Malware Team
5,574 posts

Posted 16 July 2014 - 08:24 PM

Hi ronmad02,

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
Select type of scan to perform:
- Threat Scan < --- Select this type of scan
- Custom Scan
- Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:

MBAM log
ESET's log.txt
How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Body Background

skin color theme

computer freezes [Closed]

#1 ronmad02

Advertisements

Register to Remove

#2 OCD

#3 ronmad02

Attached Files

#4 ronmad02

#5 ronmad02

#6 OCD

#7 ronmad02

#8 OCD

#9 ronmad02

#10 OCD

Advertisements

Register to Remove

#11 OCD

#12 ronmad02

#13 OCD

#14 ronmad02

#15 OCD

Related Topics

1 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

computer freezes [Closed]

#1 ronmad02

Advertisements Register to Remove

#2 OCD

#3 ronmad02

Attached Files

#4 ronmad02

#5 ronmad02

#6 OCD

#7 ronmad02

#8 OCD

#9 ronmad02

#10 OCD

Advertisements Register to Remove

#11 OCD

#12 ronmad02

#13 OCD

#14 ronmad02

#15 OCD

Related Topics

1 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove