38 replies to this topic

[OCD]

Hi ronmad02,

Just checking in to see if you still need help?

[ronmad02]

The computer is running the same at this time.
 
mbam scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2014
Scan Time: 6:16:38 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.06
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: emermadaidan SBR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295984
Time Elapsed: 8 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2732623329-3350868110-2686553765-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}, Quarantined, [6264d3ce0279a096a4858bd0788a3fc1],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-2732623329-3350868110-2686553765-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{66516A07-F617-488A-90CF-4E690CFB3C5F}, Quarantined, [f7cfddc4730857df2bff67f4cf33758b],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64, Quarantined, [b412ced3a2d94fe7c44e309114ee57a9],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-2732623329-3350868110-2686553765-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [56705f42c9b2072f1d2315b27f83748c],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponBar5.0.0.4, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.ShopAtHome.A, C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome, Quarantined, [f2d4990898e337ff9ade1bc8e81a18e8],
PUP.Optional.ShopAtHome.A, C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper, Quarantined, [f2d4990898e337ff9ade1bc8e81a18e8],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\chrome, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\firefox, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],

Files: 42
PUP.Optional.ShopAtHome.A, C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C103405576_D1_R1047127.exe, Quarantined, [23a30a973942e4520dd4d493b64bc53b],
PUP.Optional.InstallCore, C:\Users\emermadaidan SBR\Downloads\ultravnc.exe, Quarantined, [4581b4ed7a019c9ae8996e2fe1237888],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys, Quarantined, [b412ced3a2d94fe7c44e309114ee57a9],
PUP.Optional.ShopAtHome.A, C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\install.log, Quarantined, [f2d4990898e337ff9ade1bc8e81a18e8],
PUP.Optional.ShopAtHome.A, C:\Users\emermadaidan SBR\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\install.log, Quarantined, [f2d4990898e337ff9ade1bc8e81a18e8],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\arrow_refresh.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\basis.xml, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\cog.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\computer_delete.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\coupons.com.dll, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\dataLoader.js, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\icons3.bmp, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\info.txt, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\login.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\logo.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\lua5.1.dll, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\search.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\TbCommonUtils.dll, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\tbhelper.dll, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\TbHelper2.exe, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\todays_deals.png, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\uninstall.exe, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\update.exe, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\version.txt, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\chrome\coupons.com.crx, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\coupons.com.xpi, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG1.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG1.JPG, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG10.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG2.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG2.JPG, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG3.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG3.JPG, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG4.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG5.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG6.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG7.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG8.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\IRIMG9.BMP, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\uninstall.dat, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],
PUP.Optional.CouponBar.A, C:\Program Files (x86)\Coupons.com CouponBar\Uninstall\uninstall.xml, Quarantined, [8046663b5e1d84b2da394d5f16ec7f81],

Physical Sectors: 0
(No malicious items detected)


(end)


ESET scan


C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.66.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.04.exe.vir probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\emermadaidan SBR\Downloads\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application


let me know what you think ...

Thanks for all your help.

[OCD]

Hi ronmad02,
 

The computer is running the same at this time.

Please keep in mind that I work on helping numerous people at any given time and when you can provide me with specific details it relieves me from having to go back through the logs and refresh myself.

Everything is in a quarantine folder and poses no threat, except this item. Please locate it and delete the file.

C:\Users\emermadaidan SBR\Downloads\debutsetup.exe

=========================

TFC

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
  • Vista, Windows 7 & 8 Right click and select "Run as Administrator"
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

=========================

Re-run OTL, but this time place a check mark in the box that reads Scan All Users.



=========================

In your next post please provide the following:

• TFC results
• Fresh OTL.txt
• Update on performance.

[ronmad02]

I just ran the scans. I will post later today after the wife has some time on the computer as to how it is running.

thanks


tfc results.

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: emermadaidan SBR
->Temp folder emptied: 13472055 bytes
->Temporary Internet Files folder emptied: 355278029 bytes
->Java cache emptied: 298166 bytes
->FireFox cache emptied: 32088703 bytes
->Flash cache emptied: 3471 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4191248 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 1539136 bytes
Process complete!

Total Files Cleaned = 388.00 mb

otl.txt.

OTL logfile created on: 7/21/2014 11:34:18 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emermadaidan SBR\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.69% Memory free
15.93 Gb Paging File | 14.10 Gb Available in Paging File | 88.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.81 Gb Total Space | 534.88 Gb Free Space | 58.09% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.55 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 163.04 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Computer Name: EMERMADAIDANSBR | User Name: emermadaidan SBR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\emermadaidan SBR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\WWXXROJ8.6VK\RREV1G23.L7M\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe (Zedge.net)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - c:\Users\emermadaidan SBR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuiixkj.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (Fitbit Connect) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Fitbit, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21F2E698-FFBB-451C-ACCF-09989B21AD75}
IE:64bit: - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21F2E698-FFBB-451C-ACCF-09989B21AD75}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://matchup.io/players/reneeh [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.fitbit.com/
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\..\SearchScopes,DefaultScope = {15B994C1-7C81-4213-8036-B570808B47EC}
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\..\SearchScopes\{15B994C1-7C81-4213-8036-B570808B47EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\..\SearchScopes\CEA91451B19F485E8FB4AC583F6AAA13: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\EMERMA~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/05/26 10:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/10 23:54:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/10 23:54:21 | 000,000,000 | ---D | M]

[2013/07/10 22:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Extensions
[2014/07/08 08:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emermadaidan SBR\AppData\Roaming\Mozilla\Firefox\Profiles\56kb61y1.default\extensions
[2014/07/10 23:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/10 23:54:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 04:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000..\Run: [Google+ Auto Backup] "C:\Users\emermadaidan SBR\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart File not found
O4 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000..\Run: [ZedgeToneSync] C:\Users\emermadaidan SBR\AppData\Local\Apps\2.0\Data\GB3Q3249.1TO\B49LW16T.Z52\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\emermadaidan SBR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\emermadaidan SBR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2732623329-3350868110-2686553765-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0957B116-D472-4D15-8F0C-3388D2620D49}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6F904B-FF9A-475A-A5E2-DB3A8ACD50D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/21 23:24:07 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\TFC.exe
[2014/07/20 18:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/07/20 18:15:48 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 18:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/20 18:15:15 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/20 18:15:15 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/20 18:15:15 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/20 18:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/20 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/10 23:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/10 23:53:16 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\Oracle
[2014/07/10 23:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/10 23:52:21 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/07/10 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/10 23:52:15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/07/10 23:52:15 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/07/10 23:52:15 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/10 02:21:18 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/10 02:21:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/10 02:21:02 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/10 02:21:01 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/10 02:20:59 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/10 02:20:59 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/10 02:20:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/10 02:20:42 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/10 02:20:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/10 02:20:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/10 02:20:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/10 02:20:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/10 02:20:41 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/10 02:20:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/10 02:20:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/10 02:20:39 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/10 02:20:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/10 02:20:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/10 02:20:38 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/10 02:20:37 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/10 02:20:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/10 02:20:37 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/10 02:20:36 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/10 02:20:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/10 02:20:35 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/10 02:20:35 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/10 02:20:34 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/10 02:20:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/10 02:20:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/10 02:20:33 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/10 02:20:32 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/10 02:20:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/10 02:20:31 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/10 02:20:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/10 02:20:30 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/10 02:20:30 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/10 02:20:30 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/10 02:20:30 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/10 02:20:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/10 02:20:28 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/10 02:20:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/10 02:20:25 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/10 02:20:16 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/10 01:00:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/07 18:34:17 | 000,000,000 | ---D | C] -- C:\Users\emermadaidan SBR\AppData\Roaming\UltraVNC
[2014/07/07 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014/07/07 07:10:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/06 23:39:04 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2014/07/21 23:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/21 23:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/21 23:29:56 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/21 23:24:07 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\TFC.exe
[2014/07/20 21:42:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/20 21:42:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/20 21:34:34 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForemermadaidan SBR.job
[2014/07/20 18:36:20 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 18:15:22 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/11 00:14:26 | 000,007,606 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Local\Resmon.ResmonCfg
[2014/07/10 23:52:01 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/07/10 23:51:58 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/07/10 23:51:58 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/07/10 23:51:58 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/07/10 03:44:17 | 005,075,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 19:16:44 | 001,348,263 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/09 13:38:19 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 13:38:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/08 18:12:16 | 000,004,168 | ---- | M] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2014/07/08 14:45:35 | 000,010,752 | ---- | M] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/06 23:39:19 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\emermadaidan SBR\Desktop\aswMBR.exe
[2014/07/06 23:38:44 | 000,854,390 | ---- | M] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/07/04 21:28:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emermadaidan SBR\Desktop\OTL.exe
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/29 22:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/29 22:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2014/07/20 18:15:22 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/11 00:14:10 | 000,007,606 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Local\Resmon.ResmonCfg
[2014/07/09 19:16:37 | 001,348,263 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\adwcleaner_3.215.exe
[2014/07/08 14:45:35 | 000,010,752 | ---- | C] () -- C:\Users\emermadaidan SBR\Documents\Front Fence List.wps
[2014/07/08 08:06:58 | 000,089,168 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\building-permit-application-12-23-13-fcl.pdf
[2014/07/06 23:38:44 | 000,854,390 | ---- | C] () -- C:\Users\emermadaidan SBR\Desktop\SecurityCheck.exe
[2014/05/08 23:55:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/05/08 23:55:51 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/27 17:04:17 | 000,011,776 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/21 00:08:50 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/19 13:13:10 | 000,004,168 | ---- | C] () -- C:\Users\emermadaidan SBR\AppData\Roaming\wklnhst.dat
[2013/07/13 09:06:54 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 

[ronmad02]

I had a chance to us the computer today, It is still running slow not as slow but slow. When I open a new program it takes a long time to load as the drive light stays on solid. once the light starts to flash the computer runs fine. The computer use to be very fast switching between programs now I click on a program any program and it takes upwards of 3 min to load. Then in the middle of using a program (ie explorer) it will freeze and at the top it will say not responding.

 

thanks for the help

[OCD]

Hi ronmad02,

• Which browser/s are you using?
• Have you added any new software recently?
• Any new browser extensions or add-ons?
• Do you notice the issue with any particular program/s?

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Shut down your protection software now to avoid potential conflicts.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

=========================

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

In your next post please provide the following:

• Answers to the questions asked.
• JRT.txt
• Result.txt

[ronmad02]

Good evening,

 

I am running scans tonight I will post the results tomorrow..

 

Thanks

[OCD]

[ronmad02]

1. I am using Internet Explorer for my browser.. I do use Firefox at times with no change.

2. No new software lately.

3. no new browser add on's , I have disabled all add on's  with no change.

4. The issue seems to be with the whole computer, any program I use. IE, Photoshop, MS Money, Windows Live Mail . The larger the program the worst it is.

 

What ever we did with the JRT and the  MINITOOLBOX it made it a whole lot worst. I almost gave up typing this post because it is taking so long. In the middle of typing it will just freeze.  

 

jrt.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by emermadaidan SBR on Fri 07/25/2014 at 23:35:27.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ FireFox

Emptied folder: C:\Users\emermadaidan SBR\AppData\Roaming\mozilla\firefox\profiles\56kb61y1.default\minidumps [17 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/25/2014 at 23:46:57.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

results.txt

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by emermadaidan SBR (administrator) on 25-07-2014 at 23:50:40
Running from "C:\Users\emermadaidan SBR\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : emermadaidanSBR
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-CB-4E-04-6A-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::50e4:8648:756:c915%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, July 23, 2014 7:14:36 AM
   Lease Expires . . . . . . . . . . : Saturday, July 26, 2014 7:14:43 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 244377274
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-6F-EE-22-E0-CB-4E-04-6A-F9
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:806::1005
   74.125.228.196
   74.125.228.197
   74.125.228.198
   74.125.228.199
   74.125.228.200
   74.125.228.201
   74.125.228.206
   74.125.228.192
   74.125.228.193
   74.125.228.194
   74.125.228.195

Pinging google.com [74.125.228.197] with 32 bytes of data:
Reply from 74.125.228.197: bytes=32 time=28ms TTL=49
Reply from 74.125.228.197: bytes=32 time=29ms TTL=49

Ping statistics for 74.125.228.197:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=101ms TTL=43
Reply from 206.190.36.45: bytes=32 time=100ms TTL=43

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 100ms, Maximum = 101ms, Average = 100ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...e0 cb 4e 04 6a f9 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.11    276
     192.168.1.11  255.255.255.255         On-link      192.168.1.11    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.11    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.11    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.11    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::50e4:8648:756:c915/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.1.68 - ACD Systems International Inc.)
ACDSee Photo Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.342 - ACD Systems International Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.1.220 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.2.0 - Adobe Systems Incorporated) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version:  - Microsoft)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
Garmin Express (HKLM-x32\...\{aece03a3-686f-4b3c-9931-9dafb71829b7}) (Version: 3.2.9.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.9.0 - Garmin Ltd or its subsidiaries) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3422 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jobulator (HKLM-x32\...\Jobulator) (Version: 4.01 - Frontline Technologies)
Jobulator (x32 Version: 4.01 - Frontline Technologies) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (x32 Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Transfer App (HKLM-x32\...\com.erclab.air.phototransferapp) (Version: 2.0.0 - UNKNOWN)
Photo Transfer App (x32 Version: 2.0.0 - UNKNOWN) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Repper Pro (HKLM-x32\...\com.ludens.RepperPro) (Version: 1.0.125 - Studio Ludens)
Repper Pro (x32 Version: 1.0.125 - Studio Ludens) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ToneSync for Windows (HKCU\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
TransferBigFiles Desktop Client (HKLM-x32\...\{AADBF2C6-CF3B-40DC-9939-E0FF3C74F193}) (Version: 1.3.5.1 - Axosoft, LLC)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{63AED158-0508-4738-A811-840B2053EF3B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{23073850-B916-414F-9204-AB0512524A6A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.04 - NCH Software)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8157.18 MB
Available physical RAM: 5892.1 MB
Total Pagefile: 16312.54 MB
Available Pagefile: 13949.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.48 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:920.81 GB) (Free:535.83 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.61 GB) (Free:1.55 GB) NTFS
8 Drive k: (Photos) (Fixed) (Total:1397.26 GB) (Free:162.4 GB) NTFS

========================= Users: ========================================

User accounts for \\EMERMADAIDANSBR

Administrator            emermadaidan SBR         Guest                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

[OCD]

Hi ronmad02,
 

What ever we did with the JRT and the MINITOOLBOX it made it a whole lot worst.

JRT removed a few minor pieces of junkware, and MiniToolBox doesn't make any changes to the system it is just a diagnostic tool. So I don't think they contributed to the issues you are encountering. Let's try a different approach.

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".

• Start menu, in the search bar type "cmd"
• Right-click the cmd icon, select "run as administrator"
  • If you have user account control (UAC) set up it may prompt you to accept that action.
• Then type in "chkdsk /r" (make note of the space between chkdsk and /)

=========================

To view results log:

• Open the Start Menu, and type eventvwr.msc in the search box and press enter.
• If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
• In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
• Copy and paste Chkdsk into the line, and click on Find Next.
• You will now see the system log for the scan results of Check Disk (chkdsk).
• In the right had menu select copy, open notepad and paste the chkdsk results into notepad
• Post in your next reply.

=========================

In your next post please provide the following:

• chkdsk results

[ronmad02]

 

 This is what it told me ... should I do it ?

Edited by ronmad02, 27 July 2014 - 08:33 PM.

[OCD]

Yes

[ronmad02]

Ok I did the check disk but it couldn't find a log of it.. The computer is running slow. Just wanted to update you..

[OCD]

Hi ronmad02,

System File Checker (SFC)

• Click on the Start button and in the Search programs and files box type the following:
  • command
• Don't press Enter, just let the search results populate above.
• In the search results, locate the Programs section.
• Locate the Command Prompt shortcut and right-click on it.
• Select Run as administrator.
• Click Yes on the User Account Control window that appears.
• Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
• Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
• An elevated Command Prompt window will appear.
  • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter
• Let the check run to completion. DO NOT reboot the PC or close the cmd window.
• Copy & Paste the following command at the Command Prompt and press Enter:
  
  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
• This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
• Copy and Paste the contents of the file into your next post.
• After the scan runs type exit to close the command prompt window

=========================

In your next post please provide the following:

• sfcdetails.txt

[ronmad02]

 

ok did it again...