Computer is taking much more time to boot up. Can someone look at my boot up start scan

  • This topic is locked

#1
Positivelypt

  • Member
  • 16 posts

Thanks in advance.

 

OTL logfile created on: 8/23/2014 10:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Beth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 33.76% Memory free
6.95 Gb Paging File | 3.20 Gb Available in Paging File | 45.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.77 Gb Total Space | 308.74 Gb Free Space | 69.10% Space Free | Partition Type: NTFS
Drive D: | 14.83 Gb Total Space | 0.93 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.01 Gb Free Space | 0.37% Space Free | Partition Type: FAT32
Drive G: | 1.84 Gb Total Space | 0.85 Gb Free Space | 45.96% Space Free | Partition Type: FAT
 
Computer Name: PPT | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/23 10:05:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Downloads\OTL.exe
PRC - [2014/08/06 23:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/17 19:45:40 | 001,178,168 | ---- | M] (Spotify Ltd) -- C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/07/11 02:39:16 | 000,511,872 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/13 01:22:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/29 16:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 17:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/27 13:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/15 04:51:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8be9e33457f57805b4068f90099e428\mscorlib.ni.dll
MOD - [2014/08/06 23:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/06 23:20:54 | 014,669,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/06 23:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/06 23:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/06 23:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/06 23:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/07/27 11:41:48 | 008,892,576 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/04/19 05:00:36 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/04/19 05:00:30 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/04/19 05:00:12 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
MOD - [2014/04/19 05:00:05 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/04/18 17:37:03 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/18 17:36:57 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/18 17:36:47 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/18 17:36:40 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/18 17:36:37 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/18 17:36:36 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/04/18 17:36:36 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/04/18 17:36:35 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/18 17:36:30 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/18 17:36:30 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/18 17:36:25 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/18 17:36:24 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/18 17:36:18 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/18 17:36:17 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/18 17:36:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/29 14:12:43 | 000,654,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2014/07/25 09:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 18:24:26 | 000,069,368 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/15 20:46:31 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/12/08 21:06:31 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 07:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/07/09 10:02:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/02/06 05:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Beth\AppData\Local\Temp\7zS2B08\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2013/01/13 01:22:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/12/08 21:05:24 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/02 14:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013/05/28 12:12:19 | 000,382,536 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/04/22 13:21:00 | 000,148,696 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/04/17 14:59:58 | 000,593,144 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/04/17 14:59:56 | 000,718,840 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/24 18:49:52 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 20:46:31 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/08 21:10:53 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/12/08 21:06:38 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/08 21:06:35 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/08 21:06:34 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/08 21:06:34 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/12/08 21:06:31 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/08 21:06:31 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/08 21:05:24 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/23 16:35:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/23 16:35:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/09 22:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{B03DE96D-825C-4A27-9429-3A35E149EA7C}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
 
 
[2013/10/17 12:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: XKit = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.4.3_0\
CHR - Extension: AmazonSmile 1Button for Chrome = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba\1.1.1_0\
CHR - Extension: Google Wallet = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.4_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B76F7D-1C96-4EFE-BAFF-B37C3E191B6C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ADF4075-13A5-488B-BEE9-3A319F3912CC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/21 06:50:38 | 000,261,056 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/16 06:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/08/16 06:14:32 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/08/16 06:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/08/16 06:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/08/09 22:58:24 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\weekly_photo
[2014/08/07 10:18:33 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\ELLM Materials
[2014/08/01 22:00:50 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\TeachersPayTeachers
[2014/08/01 21:52:20 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\Flood2014
[2014/08/01 20:36:06 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\Lesson Plans
[2014/08/01 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\Beth\Documents\Pre-K Items
[2014/07/27 19:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GZ
[2014/07/27 18:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2 C:\Users\Beth\Documents\*.tmp files -> C:\Users\Beth\Documents\*.tmp -> ]
[2 C:\Users\Beth\Desktop\*.tmp files -> C:\Users\Beth\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/23 10:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/23 09:23:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/23 09:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/23 09:06:16 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBeth.job
[2014/08/23 05:52:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 05:52:57 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/23 05:43:15 | 000,445,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/23 05:43:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/23 05:40:53 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/21 06:50:38 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/08/17 18:45:41 | 001,369,679 | ---- | M] () -- C:\Users\Beth\Documents\firstdaysign.pdf
[2014/08/16 07:42:53 | 000,006,693 | ---- | M] () -- C:\Windows\wininit.ini
[2014/08/16 06:14:42 | 000,001,335 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/08/15 20:23:50 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 21:29:21 | 001,953,889 | ---- | M] () -- C:\Users\Beth\Desktop\test.pdf
[2014/08/11 18:07:55 | 000,080,271 | ---- | M] () -- C:\Users\Beth\Desktop\directtv.JPG
[2014/08/10 13:57:07 | 000,029,630 | ---- | M] () -- C:\Users\Beth\Desktop\Capture111.JPG
[2014/08/09 23:52:47 | 000,001,069 | ---- | M] () -- C:\Users\Beth\Documents\Documents.lnk
[2014/08/06 20:54:53 | 000,018,871 | ---- | M] () -- C:\Users\Beth\Desktop\Capture.JPG
[2014/08/03 22:33:52 | 046,207,992 | ---- | M] () -- C:\Users\Beth\Documents\bethplanner2014.pdf
[2014/08/03 22:13:51 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/03 22:13:51 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/03 22:13:51 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/29 14:36:53 | 000,307,016 | ---- | M] () -- C:\Users\Beth\Documents\renewalhomeowners001.pdf
[2014/07/27 18:43:46 | 000,002,235 | ---- | M] () -- C:\Users\Beth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2 C:\Users\Beth\Documents\*.tmp files -> C:\Users\Beth\Documents\*.tmp -> ]
[2 C:\Users\Beth\Desktop\*.tmp files -> C:\Users\Beth\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/17 18:45:34 | 001,369,679 | ---- | C] () -- C:\Users\Beth\Documents\firstdaysign.pdf
[2014/08/16 07:42:38 | 000,006,693 | ---- | C] () -- C:\Windows\wininit.ini
[2014/08/16 06:14:42 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/08/16 06:14:42 | 000,001,335 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/08/13 21:29:12 | 001,953,889 | ---- | C] () -- C:\Users\Beth\Desktop\test.pdf
[2014/08/11 18:07:54 | 000,080,271 | ---- | C] () -- C:\Users\Beth\Desktop\directtv.JPG
[2014/08/10 13:57:06 | 000,029,630 | ---- | C] () -- C:\Users\Beth\Desktop\Capture111.JPG
[2014/08/09 23:52:47 | 000,001,069 | ---- | C] () -- C:\Users\Beth\Documents\Documents.lnk
[2014/08/06 20:54:48 | 000,018,871 | ---- | C] () -- C:\Users\Beth\Desktop\Capture.JPG
[2014/08/03 22:33:51 | 046,207,992 | ---- | C] () -- C:\Users\Beth\Documents\bethplanner2014.pdf
[2014/07/29 14:36:52 | 000,307,016 | ---- | C] () -- C:\Users\Beth\Documents\renewalhomeowners001.pdf
[2014/07/27 18:14:24 | 000,002,235 | ---- | C] () -- C:\Users\Beth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/07/27 18:14:24 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/22 01:57:29 | 000,215,078 | ---- | C] () -- C:\ProgramData\1406008142.bdinstall.bin
[2014/07/22 01:41:49 | 000,002,049 | ---- | C] () -- C:\ProgramData\1406007704.5136.bin
[2014/07/22 01:41:44 | 000,041,726 | ---- | C] () -- C:\ProgramData\1406007704.3172.bin
[2014/07/22 01:38:49 | 000,045,406 | ---- | C] () -- C:\ProgramData\1406007498.bdinstall.bin
[2014/07/19 18:39:50 | 000,000,017 | ---- | C] () -- C:\Users\Beth\AppData\Local\resmon.resmoncfg
[2014/04/02 19:03:59 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/04/02 18:38:23 | 000,000,045 | ---- | C] () -- C:\Windows\WF-2540.ini
[2013/01/13 02:31:17 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2013/01/13 01:53:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/09/07 21:41:33 | 000,196,128 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== ZeroAccess Check ==========
 
[2014/08/05 17:53:19 | 000,009,525 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-37731821-757379780-1568986102-1002\$RLPK8HZ\Rainbow Colors Alphabet\L.png
[2014/08/05 17:53:19 | 000,018,506 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-37731821-757379780-1568986102-1002\$RLPK8HZ\Rainbow Colors Alphabet\N.png
[2014/08/05 17:53:19 | 000,021,421 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-37731821-757379780-1568986102-1002\$RLPK8HZ\Rainbow Colors Alphabet\U.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/02 01:12:23 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Amazon
[2013/07/08 13:10:42 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Audacity
[2013/10/26 11:49:39 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\AVG2014
[2011/11/23 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Blio
[2013/03/11 21:26:03 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\e-academy Inc
[2014/04/05 09:47:01 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Epson
[2013/03/13 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Garmin
[2014/04/02 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Leadertech
[2012/01/28 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\OpenCandy
[2013/07/21 00:41:55 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\PrimoPDF
[2014/07/22 01:50:31 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\QuickScan
[2013/03/11 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\SoftGrid Client
[2013/07/21 00:54:02 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Softland
[2014/08/21 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Spotify
[2011/11/23 21:26:37 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Synaptics
[2011/11/23 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\TP
[2012/11/10 10:48:11 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\TuneUp Software
[2012/04/08 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to check it out for you.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Thanks for the OTL log. When you ran the tool there should be another file named Extras.txt that would have been saved to the same location that you ran the tool from. Can you post the contents of this as well? Thank you.

 

 



#3
Positivelypt


    Member

  • Topic Starter
  • 16 posts

Here is the Extras.txt:

 

OTL Extras logfile created on: 8/23/2014 10:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Beth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 33.76% Memory free
6.95 Gb Paging File | 3.20 Gb Available in Paging File | 45.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.77 Gb Total Space | 308.74 Gb Free Space | 69.10% Space Free | Partition Type: NTFS
Drive D: | 14.83 Gb Total Space | 0.93 Gb Free Space | 6.30% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.01 Gb Free Space | 0.37% Space Free | Partition Type: FAT32
Drive G: | 1.84 Gb Total Space | 0.85 Gb Free Space | 45.96% Space Free | Partition Type: FAT
 
Computer Name: PPT | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0716D938-603E-4BC6-AB60-CB34DB910CC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{07C1FE71-FE74-4E06-A6F5-C73E9071088D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0AB03997-06C6-493B-B1DC-013BC90A0945}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0AE19BB6-4044-45EB-8565-8A78DDECD2EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{0CBE29B7-18D3-425D-81A0-5EE74E0884F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{153CBA5D-707E-43F8-A9CF-DA7395782984}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{272ED6A6-EBA5-4332-9701-9FB8F85600CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{2E696524-EBD5-40F9-885C-3069BBB8CEBE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F94BDB4-597F-441E-A795-50B88062A72B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40134A58-48A2-483C-A67B-BB0B5BEDB925}" = lport=445 | protocol=6 | dir=in | app=system | 
"{424F2311-B6DA-4521-822B-09B24C01B44D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{4647CA71-DCC1-43ED-A61F-7BF72DF4CB23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4950ED03-3633-4551-9527-8C9592DC7A8E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{504A2363-3B4F-4E86-BD67-8062F72C9A9F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6070C9A8-EF01-4139-B303-88D5CB60BBAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{62A3A3B8-2C8B-4423-A5D7-A7A3EEF83A77}" = rport=445 | protocol=6 | dir=out | app=system | 
"{62E53ECE-9168-41E6-AEEA-B01C968396C6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{659A4CA7-E8F6-4156-891B-67FA4968703E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70B393AB-E20F-4A1E-8F64-CC899020D3C4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{70BD5C88-155F-4912-91C5-8409335636E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77D94F0E-B8EE-4E3B-B89A-E9C5C73EC520}" = lport=138 | protocol=17 | dir=in | app=system | 
"{81721D7E-6A99-4602-8A99-BCDBD1DF201A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F4841C9-A17F-40EA-B038-E263497C7183}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C28414B2-5918-4FA6-B7F0-8C7774C81B4E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C89530E3-4D20-414F-B952-810753E5E7FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E33EE678-2D65-480C-A968-D8F3FE8C4121}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3A7C7BE-E747-4B49-A09F-BC9942F61DDA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F84ECBE6-E670-4F52-AF4D-CFD6CFBFD2B3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027C9F4B-24F3-450A-83FA-1C41B9EFC9B8}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{06A30E58-FF67-497D-A8EB-988F71861B9E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{137353F0-48F9-4EF3-BCFE-8B6E42D854F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13FC63F8-E437-408B-81A8-328D94772488}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{150E1819-6FCD-4373-8CFA-B743340F354E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{19ABE6C5-C65E-4B1F-8108-C1F36A23A547}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{1AC09CB3-9DEE-4E95-8AC7-7BAEE9720C98}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{1C0AF2C9-E5F6-4015-ABF9-62A798A12608}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{28520F4F-95CD-42CD-8BAF-DA99B03B9919}" = protocol=17 | dir=in | app=f:\common\epsonnet setup\eneasyapp.exe | 
"{3508DC44-C686-4746-B1EC-5D10231EB8D0}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3527AA98-4204-433B-9A26-60B4A0637858}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{3B8C4B96-6724-4855-BDE5-89FDE6E8AAB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3F365E89-CFB9-43FD-910B-77FAE70CCC43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3FAA7830-F426-4248-8A35-83C52EAE4B29}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4417C92B-0C32-4A4C-AC74-8E49207BB297}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4B075864-A893-4CF7-9736-5E6DF87316B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{4C30B963-AD91-4355-A144-400FB336D383}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4C67807F-9D6E-4329-A272-AA5219FCDC61}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{4D9AADBC-A3C1-47F0-A4EE-7B83CE85DEFE}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{5009E044-0456-4EE3-A37A-9E762E66DDAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55C12FCC-CD8F-4C4C-8182-7EE69B08890F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{577CF0F6-3E6B-4C93-B6BC-A3089AB190A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{59CA5D7D-E4E0-42F7-822F-AC4DCCEC19C3}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{5B9E97D5-643C-4696-888D-CCF2D709EB65}" = protocol=58 | dir=in | [email protected],-28545 | 
"{646C81F3-0221-4DF1-9D9B-D92D22937190}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{693E16C6-E4AF-4296-8626-DDDE5A255D85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E795F8A-58F1-4489-A903-9CC553A025CA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6FCDFAB9-C4C5-496F-AD14-85721EE3EAC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{70174A77-01E1-4857-87D5-1EA3D823A097}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{705331AD-49BA-46ED-8F0C-C700C0411462}" = protocol=6 | dir=out | app=system | 
"{72C0F6FA-2E35-42D8-BFEA-13ECB3770889}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{74AD6835-B46A-41C1-8AD9-EC0401E3A331}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{796A3229-4AF8-4C72-BCAF-EC872F23CE8A}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{7F841CCF-C1F9-4D20-8927-6E4CA70A9993}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{83E485D1-9E36-44F9-BC5F-AF99870F4AE6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{87189928-B37B-44B1-8C11-BB0EDA904E9E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E01F157-649C-4F40-B621-D7531B20A8FA}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 
"{931C2BAA-D0FE-4902-9AB8-26F50FE8604A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"{96B41F1D-52A8-4C35-BC0E-2409C597BD39}" = protocol=17 | dir=in | app=c:\users\beth\appdata\local\temp\7zs2b08\hppiw.exe | 
"{A7C1479E-AF2A-4C3A-907B-A587ECBE25A2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{A9815C06-EBF2-423A-8EA5-0B4F0592F1A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAC0620D-7AD2-4EB0-8BA5-8711AB75C893}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B0080F7D-57A6-46B8-93D1-D8C48B54824B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B09AB8D4-ED28-4F6E-80F1-BEB9B6A07363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B65C1F90-A043-46CC-A0FB-5802DB3AEBC1}" = protocol=1 | dir=in | [email protected],-28543 | 
"{B6BD1D98-F3F0-4CD7-A4B1-1AEC72B666D2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{BD68C36E-A25B-4D40-954F-39B9F9CA3EFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C3CC8D93-56B5-44BD-A9AC-691A292BA102}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{C6976E0C-E106-429E-8042-15AAFBAAE10D}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"{CEA818E0-A52F-4403-BC0F-DDEED9F73E1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D1900036-DD4C-4DB9-B0F0-9F34317E5AA5}" = protocol=6 | dir=in | app=f:\common\epsonnet setup\eneasyapp.exe | 
"{D3DEDE8C-ED38-468D-81C6-C5E513F889A0}" = protocol=6 | dir=in | app=c:\users\beth\appdata\local\temp\7zs2b08\hppiw.exe | 
"{DEBFABE3-61C4-417F-B1B2-BF0479696ED8}" = protocol=1 | dir=out | [email protected],-28544 | 
"{E397C508-ED50-495B-8898-78F15B667906}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{E609E249-B229-4BA0-A4EF-5A0CE74E1413}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{E6488FB3-718E-4E8E-9FBE-50F3A3887DE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7C3C3FB-961B-4A14-9622-B8E91EB85573}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EE12189A-3AA1-43F7-A06E-89C7AC914702}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{F256E7B8-A414-4D0C-9369-BAA40BC66465}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{FBF80B97-DC37-4CC4-9936-295BE28CDB74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{FC832C95-B52D-415A-8E70-5E592947F740}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{FD259BB4-30A4-42DE-A904-45849098A3C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"TCP Query User{71271267-B47D-4750-BB13-CC6ACE12E163}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"TCP Query User{C9994477-F58D-491B-B852-53D2126F47A3}C:\users\beth\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\beth\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{EB73D6AE-51D5-4082-AB03-5C93315C7148}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{FE8F7668-11FF-4101-A4C3-803135858808}C:\users\beth\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\beth\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1B8A7223-661B-4222-B58D-C8472C1B9872}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{3A4EA735-8CB3-4A7D-96D3-AB40BEB810CE}C:\users\beth\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\beth\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{580316BD-BEDF-42A6-B786-78DAAF024315}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 
"UDP Query User{A6092751-3161-4D87-AB7B-F45FEB375BA0}C:\users\beth\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\beth\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In 
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"BitDefender Gonzales" = Bitdefender Antivirus Free Edition
"doPDF 7 printer_is1" = doPDF 7.3 printer
"EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}" = HP Documentation
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 65
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4144F415-7434-4501-97DE-CED4FAF64E7D}" = AMD System Monitor
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718B4606-2FEF-411B-B96E-4FC53B91EBC0}" = Secure Download Manager
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999164B6-5B78-4DD3-BACE-7292640AD0DD}" = HP QuickWeb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.11) MUI
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}" = Software Updater
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Boardmaker Plus!" = Boardmaker Plus!
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/23/2014 9:13:07 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/23/2014 9:13:07 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030
 
Error - 8/23/2014 9:13:07 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error - 8/23/2014 9:13:08 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/23/2014 9:13:08 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2481
 
Error - 8/23/2014 9:13:08 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2481
 
Error - 8/23/2014 9:13:09 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/23/2014 9:13:09 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3479
 
Error - 8/23/2014 9:13:09 AM | Computer Name = PPT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3479
 
Error - 8/23/2014 9:23:23 AM | Computer Name = PPT | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.17.7290.4094,
 time stamp: 0x509418e4  Faulting module name: ntdll.dll, version: 6.1.7601.18247,
 time stamp: 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x0002dfe4  Faulting
 process id: 0x1130  Faulting application start time: 0x01cfbeb6e3c45ef7  Faulting application
 path: C:\Program Files (x86)\Google\Drive\googledrivesync.exe  Faulting module path:
 C:\Windows\SysWOW64\ntdll.dll  Report Id: a7aecd1a-2ac8-11e4-92ae-101f74b5dacd
 
[ Hewlett-Packard Events ]
Error - 6/21/2012 6:19:16 PM | Computer Name = PPT | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 6/21/2012 6:19:34 PM | Computer Name = PPT | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 7/26/2012 5:49:26 PM | Computer Name = PPT | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 9/6/2012 6:41:08 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/a862a92e_41e5_45f5_b666_b2ee1c627cab/sdm3luanwhn9m10rgt5hsqxl_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization:   TargetSite: Void UpdateDetail(System.String)  
 
Error - 10/4/2012 5:02:40 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 10/11/2012 5:59:12 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 10/18/2012 5:13:56 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 10/25/2012 5:37:51 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 11/1/2012 7:22:05 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 11/8/2012 6:40:58 PM | Computer Name = PPT | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3561  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
[ HP Software Framework Events ]
Error - 4/27/2012 3:47:41 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/04/27 15:47:41.639|00000604|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 4/27/2012 3:47:43 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/04/27 15:47:43.852|00000EEC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/3/2012 5:13:34 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/03 17:13:34.789|000006B8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/3/2012 5:13:38 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/03 17:13:38.586|00000594|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:24:07 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:24:07.619|00000888|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:26:47 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:26:47.903|00000EB4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:26:49 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:26:49.950|000013E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:26:54 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:26:54.154|00000F64|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:26:55 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:26:55.831|00000B70|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/10/2012 5:27:00 PM | Computer Name = PPT | Source = CaslWmi | ID = 5
Description = 2012/05/10 17:27:00.151|00000D3C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 8/21/2014 7:14:20 PM | Computer Name = PPT | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HPWMISVC service.
 
Error - 8/22/2014 6:36:34 AM | Computer Name = PPT | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 8/22/2014 6:37:46 AM | Computer Name = PPT | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
 Core Update Service service to connect.
 
Error - 8/22/2014 6:37:46 AM | Computer Name = PPT | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the 
following error:   %%1053
 
Error - 8/22/2014 8:34:07 PM | Computer Name = PPT | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 8/23/2014 5:41:48 AM | Computer Name = PPT | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 8/23/2014 5:43:01 AM | Computer Name = PPT | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
 Core Update Service service to connect.
 
Error - 8/23/2014 5:43:01 AM | Computer Name = PPT | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the 
following error:   %%1053
 
Error - 8/23/2014 7:17:22 AM | Computer Name = PPT | Source = DCOM | ID = 10010
Description = 
 
Error - 8/23/2014 7:17:27 AM | Computer Name = PPT | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

  • 0

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Overall, your machine looks clean of malware; however, there are a few things we should clean up and some recommendations that I have to speed up your startup. Please follow the instructions below.

 

Step#1 - AVG Uninstallers
It looks like you may have had AVG 2012, 2013 & 2014 in the past and now have Bitdefender. I would like to ensure any remnants of AVG are gone as it could cause conflicts if there are.

 

1. Please download the uninstallers for 2012, 2013 & 2014 and save each one to your Desktop

2. Run one at a time by right-clicking on the file and choosing Run as administrator. When asked if you wish to continue please answer Yes. If you are asked to reboot, please do.

3. Please ensure you run each one.
 

Step#2 - Uninstalls

1. I see that you have Spybot - Search & Destroy installed. We don't recommend this program anymore as it's not as effective as it once was. I highly recommend you uninstall this program.

    a) Go to Programs and Features (Start...Control Panel...Uninstall a Program)

    b) Select Spybot - Search & Destroy

    c) Click the Uninstall/Change button and remove it. Please reboot if you are asked to.

   
2. I also see a program called Software Updater. Please uninstall this one as well. If you wish to have a program on your machine that keeps your programs updated I will have some recommendations for you when we are done working on your machine.

 

Step#3 - OTL Fix

Note: if you are not removing Spybot Search & Destroy, do NOT do Step#3 and move on to Step#4. Just let me know please.

1. Please move OTL to your desktop. This will help our cleanup efforts later. You can do this by right-clicking on it and choosing cut and then right-click on the desktop and choose paste.

2. Right click on OTL.exe and choose Run as administrator.

3. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands

[CreateRestorePoint]

 

:OTL
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
IE - HKCU\..\URLSearchHook: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No CLSID value found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
[2014/08/16 06:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/08/16 06:14:32 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/08/16 06:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/08/16 06:14:42 | 000,001,335 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

 

:Files
C:\Program Files (x86)\Spybot - Search & Destroy 2

 

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=-
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13FC63F8-E437-408B-81A8-328D94772488}"=-
"{19ABE6C5-C65E-4B1F-8108-C1F36A23A547}"=-
"{1AC09CB3-9DEE-4E95-8AC7-7BAEE9720C98}"=-
"{83E485D1-9E36-44F9-BC5F-AF99870F4AE6}"=-
"{A7C1479E-AF2A-4C3A-907B-A587ECBE25A2}"=-
"{B6BD1D98-F3F0-4CD7-A4B1-1AEC72B666D2}"=-
"{F256E7B8-A414-4D0C-9369-BAA40BC66465}"=-
"{FC832C95-B52D-415A-8E70-5E592947F740}"=-
"{FD259BB4-30A4-42DE-A904-45849098A3C3}"=-

 

:Commands

[EmptyTemp]

 

4. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.

5. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#4 - Adware Scan
 
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

 

Step#5 - FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the 64-bit Version so please ensure you download that one.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Step#6 - Startup Programs

You have many programs that are configured to start up when your machine boots and most of them are optional. You can search most of these on http://www.bleepingc...r.com/startups/ to determine if you would like to keep them or remove them. Let me know which ones you would like to remove and we can take care of that.

 

Acrobat Assistant 8.0

Reader_sl.exe

APSDaemon

EEventManager

FUFAXRCV

FUFAXSTM

HPMSGSVC.exe

HPOSD

HPQuickWebProxy

StartCCC

GarminExpressTrayApp

GoogleDriveSync

iCloudServices

Spotify Web Helper

Adobe Gamma Loader.exe

EvernoteClipper.exe

 

 

 

Items for your next post

1. Contents of the OTL fix log

2. Contents of the AdwCleaner log.

3. Contents of the FRST log and Addition log

4. Which startup programs you would like to remove or any questions you have regarding these


  • 0

#5
Positivelypt

    Member

  • Topic Starter
  • 16 posts

Step #3  Log: 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named SDUpdSvc.exe was found!
No active process named SDTray.exe was found!
No active process named SDFSSvc.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray not found.
File C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\ not found.
File C:\Windows\SysNative\sdnclean64.exe not found.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
File C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk not found.
========== FILES ==========
C:\Program Files (x86)\Spybot - Search & Destroy 2 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13FC63F8-E437-408B-81A8-328D94772488} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13FC63F8-E437-408B-81A8-328D94772488}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19ABE6C5-C65E-4B1F-8108-C1F36A23A547} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ABE6C5-C65E-4B1F-8108-C1F36A23A547}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AC09CB3-9DEE-4E95-8AC7-7BAEE9720C98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC09CB3-9DEE-4E95-8AC7-7BAEE9720C98}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83E485D1-9E36-44F9-BC5F-AF99870F4AE6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83E485D1-9E36-44F9-BC5F-AF99870F4AE6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7C1479E-AF2A-4C3A-907B-A587ECBE25A2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C1479E-AF2A-4C3A-907B-A587ECBE25A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6BD1D98-F3F0-4CD7-A4B1-1AEC72B666D2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6BD1D98-F3F0-4CD7-A4B1-1AEC72B666D2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F256E7B8-A414-4D0C-9369-BAA40BC66465} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F256E7B8-A414-4D0C-9369-BAA40BC66465}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC832C95-B52D-415A-8E70-5E592947F740} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC832C95-B52D-415A-8E70-5E592947F740}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD259BB4-30A4-42DE-A904-45849098A3C3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD259BB4-30A4-42DE-A904-45849098A3C3}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Beth
 
 
Next steps coming -- I have to go to bed soon, so if I don't post them tonight I will tomorrow.  Tomorrow is the 2nd week of school and we have a staff meeting in the morning!

Edited by Positivelypt, 24 August 2014 - 07:15 PM.

  • 0
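As an added illustration (not part of the thread and not OTL's own code), the following Python example parses a fix log in the format posted in the Step #3 log above and separates the items the fix actually changed from those that were already gone after the uninstall. The regular expressions, and the reading of `\\` as the separator between a registry key and its value name, are assumptions inferred from the lines of that log; the sample is an excerpt of it.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Excerpt of the OTL fix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named SDUpdSvc.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SDTray not found.
File C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe not found.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\Spybot - Search & Destroy 2 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13FC63F8-E437-408B-81A8-328D94772488} not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83E485D1-9E36-44F9-BC5F-AF99870F4AE6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83E485D1-9E36-44F9-BC5F-AF99870F4AE6}\ not found.
========== COMMANDS ==========
"""


class Entry(NamedTuple):
    section: Optional[str]  # log section the line appeared under, e.g. "OTL"
    kind: str               # "process", "registry key", "registry value", "file", "folder"
    target: str             # path, registry path or process name
    outcome: str            # "deleted", "moved", "absent" or "not_running"


# Patterns inferred from the log lines on this page (assumptions, not an OTL spec).
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z ]+?)\s*=+$")
PROC_RE = re.compile(r"^No active process named (?P<target>.+) was found!$")
REG_RE = re.compile(
    r"^Registry (?P<kind>key|value) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$")
FS_RE = re.compile(
    r"^(?P<kind>File|Folder) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$")
MOVED_RE = re.compile(
    r"^(?P<target>[A-Za-z]:\\.+?) (?P<kind>folder) (?P<outcome>moved successfully)\.$")

OUTCOMES = {"deleted successfully": "deleted",
            "moved successfully": "moved",
            "not found": "absent"}


def parse_line(line, section):
    """Return an Entry for a recognised result line, or None."""
    m = PROC_RE.match(line)
    if m:
        return Entry(section, "process", m["target"], "not_running")
    m = REG_RE.match(line)
    if m:
        return Entry(section, "registry " + m["kind"], m["target"], OUTCOMES[m["outcome"]])
    m = FS_RE.match(line) or MOVED_RE.match(line)
    if m:
        return Entry(section, m["kind"].lower(), m["target"], OUTCOMES[m["outcome"]])
    return None


def parse_fix_log(text):
    """Split a fix log into recognised entries and other (unrecognised) lines."""
    entries, other, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        entry = parse_line(line, section)
        if entry:
            entries.append(entry)
        else:
            other.append(line)  # kept, never silently dropped
    return entries, other


def changed(entries):
    """Entries where the fix modified the system (something was deleted or moved)."""
    return [e for e in entries if e.outcome in ("deleted", "moved")]


def outcome_counts(entries):
    """Number of entries per outcome, as a plain dict."""
    return dict(Counter(e.outcome for e in entries))


def split_registry_value(target):
    """Split 'KEY\\\\VALUENAME' into (key, value name); name is None if no separator."""
    sep = "\\\\"  # two literal backslashes
    if sep not in target:
        return target, None
    key, _, name = target.rpartition(sep)
    return key, name


if __name__ == "__main__":
    entries, other = parse_fix_log(SAMPLE_LOG)
    print(outcome_counts(entries))
    for e in changed(entries):
        print(f"[{e.section}] {e.kind}: {e.target} -> {e.outcome}")
    print("unrecognised lines:", other)
```
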

#6
Positivelypt

    Member

  • Topic Starter
  • 16 posts

Adware Scan: 

 

# AdwCleaner v3.308 - Report created 24/08/2014 at 21:27:54
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Beth - PPT
# Running from : C:\Users\Beth\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Beth\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Beth\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Beth\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Beth\Documents\Updater
File Deleted : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.allmodern.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=&command=dosearch&new_keyword_search=true
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [4947 octets] - [24/08/2014 21:17:25]
AdwCleaner[S0].txt - [5028 octets] - [24/08/2014 21:27:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5088 octets] ##########

  • 0

#7
Positivelypt

    Member

  • Topic Starter
  • 16 posts
FRST scan
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Beth (administrator) on PPT on 24-08-2014 21:37:38
Running from C:\Users\Beth\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-15] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-27] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [Spotify Web Helper] => C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-17] (Spotify Ltd)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - Comcast URL = http://search.xfinit...art_tech_search
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcas...q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (XKit) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-18]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-23]
CHR Extension: (Google Wallet) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Beth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-04-12]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Beth\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-12-25]
CHR HKCU\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Beth\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx [2012-09-19]
CHR HKLM-x32\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Beth\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx [2012-09-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-13] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-12-08] (Realsil Microelectronics Inc.) [File not signed]
S2 HPSLPSVC; C:\Users\Beth\AppData\Local\Temp\7zS2B08\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 21:37 - 2014-08-24 21:39 - 00022323 _____ () C:\Users\Beth\Desktop\FRST.txt
2014-08-24 21:37 - 2014-08-24 21:37 - 00000000 ____D () C:\FRST
2014-08-24 21:35 - 2014-08-24 21:36 - 02103296 _____ (Farbar) C:\Users\Beth\Desktop\FRST64.exe
2014-08-24 21:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-24 21:17 - 2014-08-24 21:28 - 00000000 ____D () C:\AdwCleaner
2014-08-24 21:16 - 2014-08-24 21:16 - 01364531 _____ () C:\Users\Beth\Desktop\AdwCleaner.exe
2014-08-24 20:48 - 2014-08-24 20:48 - 00000000 ____D () C:\_OTL
2014-08-24 16:43 - 2014-08-24 17:22 - 00626569 _____ () C:\Users\Beth\Desktop\avgremover.log
2014-08-23 10:26 - 2014-08-23 10:26 - 00099320 _____ () C:\Users\Beth\Downloads\Extras.Txt
2014-08-23 10:23 - 2014-08-23 10:23 - 00111794 _____ () C:\Users\Beth\Downloads\OTL.Txt
2014-08-23 10:05 - 2014-08-23 10:05 - 00602112 _____ (OldTimer Tools) C:\Users\Beth\Desktop\OTL.exe
2014-08-21 06:50 - 2014-08-21 06:50 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-08-20 19:09 - 2014-08-20 19:09 - 00014573 ____H () C:\Users\Beth\Downloads\~WRL0004.tmp
2014-08-20 16:13 - 2014-08-20 16:13 - 00660480 _____ () C:\Users\Beth\Downloads\Rainy Day Dismissal 14-15.ppt
2014-08-16 07:42 - 2014-08-24 17:23 - 00006743 _____ () C:\Windows\wininit.ini
2014-08-16 06:15 - 2014-08-16 06:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-16 06:05 - 2014-08-16 06:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Beth\Downloads\spybot-2.4.exe
2014-08-14 20:58 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 20:58 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 20:58 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 20:58 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 20:58 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 20:58 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 20:57 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 20:57 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 06:50 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 06:50 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 06:49 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 06:49 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 06:49 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 06:49 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 06:49 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 06:49 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 06:49 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 06:49 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 06:49 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 06:49 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 06:49 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 06:49 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 06:49 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 06:49 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 06:49 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 06:49 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 06:49 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 06:49 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 06:49 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 06:49 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 06:49 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 06:49 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 06:49 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 06:49 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 06:49 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 06:49 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 06:49 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 06:49 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 06:49 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 06:49 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 06:49 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 06:49 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 06:49 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 06:49 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 06:49 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 06:49 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 06:49 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 06:49 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 06:49 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 06:49 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 06:49 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 06:49 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 06:49 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 06:49 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 06:49 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 06:49 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 06:49 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 06:49 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 06:49 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 06:49 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 06:49 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 06:49 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 06:49 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 06:49 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 06:49 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 06:49 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 06:49 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 06:49 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 06:49 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 06:49 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 06:49 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 06:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 06:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 06:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 06:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 06:49 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 06:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 06:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 06:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 06:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 06:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 06:49 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 06:49 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 06:49 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 06:49 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 06:49 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 06:49 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 06:49 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 06:49 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 06:49 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 06:49 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 06:48 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 06:48 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 06:48 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 06:48 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 21:40 - 2014-08-24 21:34 - 00004934 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PPT-Beth PPT
2014-08-10 02:02 - 2014-08-10 02:02 - 00386048 _____ () C:\Users\Beth\Downloads\poem.pub
2014-08-10 01:30 - 2014-08-10 01:30 - 12086784 _____ () C:\Users\Beth\Downloads\Snake_letters__shapes__numbers__colors_1.pub
2014-08-10 00:46 - 2014-08-10 00:46 - 02289152 _____ () C:\Users\Beth\Downloads\Shoes_for_Drama-_OL_1_.pub
2014-08-10 00:46 - 2014-08-10 00:46 - 00905728 _____ () C:\Users\Beth\Downloads\Retell_the_Story-The_Giraffe_Made_Her_La.pub
2014-08-09 23:52 - 2014-08-09 23:52 - 00001069 _____ () C:\Users\Beth\Documents\Documents.lnk
2014-08-09 22:58 - 2014-08-09 23:03 - 00000000 ____D () C:\Users\Beth\Desktop\weekly_photo
2014-08-07 23:10 - 2014-08-07 23:10 - 00213087 _____ () C:\Users\Beth\Documents\brownbar_wordcards.pptx
2014-08-07 10:18 - 2014-08-10 00:08 - 00000000 ____D () C:\Users\Beth\Desktop\ELLM Materials
2014-08-06 12:08 - 2014-08-06 12:10 - 94040106 _____ () C:\Users\Beth\Downloads\FREEDigitalBackgroundsLateSummerIslandintheSandEdition.zip
2014-08-06 11:48 - 2014-08-06 11:48 - 03081400 _____ () C:\Users\Beth\Downloads\BACKSCHOOLFREEBIEDotPapers.zip
2014-08-06 11:47 - 2014-08-06 11:47 - 01588139 _____ () C:\Users\Beth\Downloads\GinghamPatternDigitalPaper.zip
2014-08-03 22:18 - 2014-08-03 22:18 - 09903353 _____ () C:\Users\Beth\Desktop\bethplanner2014.pptx
2014-08-01 22:00 - 2014-08-05 10:52 - 00000000 ____D () C:\Users\Beth\Desktop\TeachersPayTeachers
2014-08-01 21:52 - 2014-08-01 21:52 - 00000000 ____D () C:\Users\Beth\Documents\Flood2014
2014-08-01 20:36 - 2014-08-21 19:52 - 00000000 ____D () C:\Users\Beth\Documents\Lesson Plans
2014-08-01 20:34 - 2014-08-16 09:34 - 00000000 ____D () C:\Users\Beth\Documents\Pre-K Items
2014-07-27 19:04 - 2014-07-27 19:04 - 00000000 ____D () C:\ProgramData\GZ
2014-07-27 18:14 - 2014-08-15 20:23 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 21:39 - 2014-08-24 21:37 - 00022323 _____ () C:\Users\Beth\Desktop\FRST.txt
2014-08-24 21:37 - 2014-08-24 21:37 - 00000000 ____D () C:\FRST
2014-08-24 21:36 - 2014-08-24 21:35 - 02103296 _____ (Farbar) C:\Users\Beth\Desktop\FRST64.exe
2014-08-24 21:36 - 2011-09-15 04:43 - 01911426 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 21:34 - 2014-08-13 21:40 - 00004934 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PPT-Beth PPT
2014-08-24 21:33 - 2013-01-23 20:07 - 00000000 ___RD () C:\Users\Beth\Google Drive
2014-08-24 21:31 - 2012-12-29 14:58 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 21:31 - 2009-07-14 00:45 - 00445400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 21:30 - 2010-11-20 23:47 - 00949690 _____ () C:\Windows\PFRO.log
2014-08-24 21:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 21:30 - 2009-07-14 00:51 - 00165015 _____ () C:\Windows\setupact.log
2014-08-24 21:28 - 2014-08-24 21:17 - 00000000 ____D () C:\AdwCleaner
2014-08-24 21:19 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 21:19 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 21:16 - 2014-08-24 21:16 - 01364531 _____ () C:\Users\Beth\Desktop\AdwCleaner.exe
2014-08-24 21:16 - 2012-12-29 14:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 21:02 - 2013-08-01 15:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 20:48 - 2014-08-24 20:48 - 00000000 ____D () C:\_OTL
2014-08-24 20:35 - 2012-04-24 20:00 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\Spotify
2014-08-24 17:23 - 2014-08-16 07:42 - 00006743 _____ () C:\Windows\wininit.ini
2014-08-24 17:22 - 2014-08-24 16:43 - 00626569 _____ () C:\Users\Beth\Desktop\avgremover.log
2014-08-23 10:26 - 2014-08-23 10:26 - 00099320 _____ () C:\Users\Beth\Downloads\Extras.Txt
2014-08-23 10:23 - 2014-08-23 10:23 - 00111794 _____ () C:\Users\Beth\Downloads\OTL.Txt
2014-08-23 10:05 - 2014-08-23 10:05 - 00602112 _____ (OldTimer Tools) C:\Users\Beth\Desktop\OTL.exe
2014-08-23 09:23 - 2011-12-19 07:36 - 00000000 ____D () C:\Users\Beth\AppData\Local\CrashDumps
2014-08-23 09:06 - 2013-12-21 09:06 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBeth
2014-08-23 09:06 - 2012-07-12 18:31 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBeth.job
2014-08-21 19:52 - 2014-08-01 20:36 - 00000000 ____D () C:\Users\Beth\Documents\Lesson Plans
2014-08-21 17:51 - 2011-12-08 18:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-21 17:50 - 2011-12-15 20:01 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-21 06:50 - 2014-08-21 06:50 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-08-20 21:14 - 2012-04-03 22:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-20 21:13 - 2013-03-11 23:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-20 19:09 - 2014-08-20 19:09 - 00014573 ____H () C:\Users\Beth\Downloads\~WRL0004.tmp
2014-08-20 18:45 - 2012-04-24 20:00 - 00000000 ____D () C:\Users\Beth\AppData\Local\Spotify
2014-08-20 16:13 - 2014-08-20 16:13 - 00660480 _____ () C:\Users\Beth\Downloads\Rainy Day Dismissal 14-15.ppt
2014-08-18 20:01 - 2013-01-23 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-17 11:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 09:34 - 2014-08-01 20:34 - 00000000 ____D () C:\Users\Beth\Documents\Pre-K Items
2014-08-16 06:15 - 2014-08-16 06:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-16 06:05 - 2014-08-16 06:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Beth\Downloads\spybot-2.4.exe
2014-08-15 20:23 - 2014-07-27 18:14 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 04:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 21:17 - 2013-07-30 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 21:11 - 2011-11-25 22:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 20:57 - 2014-05-06 21:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 02:02 - 2014-08-10 02:02 - 00386048 _____ () C:\Users\Beth\Downloads\poem.pub
2014-08-10 01:30 - 2014-08-10 01:30 - 12086784 _____ () C:\Users\Beth\Downloads\Snake_letters__shapes__numbers__colors_1.pub
2014-08-10 00:46 - 2014-08-10 00:46 - 02289152 _____ () C:\Users\Beth\Downloads\Shoes_for_Drama-_OL_1_.pub
2014-08-10 00:46 - 2014-08-10 00:46 - 00905728 _____ () C:\Users\Beth\Downloads\Retell_the_Story-The_Giraffe_Made_Her_La.pub
2014-08-10 00:08 - 2014-08-07 10:18 - 00000000 ____D () C:\Users\Beth\Desktop\ELLM Materials
2014-08-09 23:52 - 2014-08-09 23:52 - 00001069 _____ () C:\Users\Beth\Documents\Documents.lnk
2014-08-09 23:03 - 2014-08-09 22:58 - 00000000 ____D () C:\Users\Beth\Desktop\weekly_photo
2014-08-07 23:10 - 2014-08-07 23:10 - 00213087 _____ () C:\Users\Beth\Documents\brownbar_wordcards.pptx
2014-08-07 19:38 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-06 22:06 - 2014-08-14 06:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 06:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:10 - 2014-08-06 12:08 - 94040106 _____ () C:\Users\Beth\Downloads\FREEDigitalBackgroundsLateSummerIslandintheSandEdition.zip
2014-08-06 11:48 - 2014-08-06 11:48 - 03081400 _____ () C:\Users\Beth\Downloads\BACKSCHOOLFREEBIEDotPapers.zip
2014-08-06 11:47 - 2014-08-06 11:47 - 01588139 _____ () C:\Users\Beth\Downloads\GinghamPatternDigitalPaper.zip
2014-08-05 17:35 - 2011-11-23 21:25 - 00114408 _____ () C:\Users\Beth\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-05 10:52 - 2014-08-01 22:00 - 00000000 ____D () C:\Users\Beth\Desktop\TeachersPayTeachers
2014-08-03 22:18 - 2014-08-03 22:18 - 09903353 _____ () C:\Users\Beth\Desktop\bethplanner2014.pptx
2014-08-03 22:13 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 23:41 - 2012-01-22 09:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-01 23:41 - 2011-11-23 21:56 - 00000000 ____D () C:\Users\Beth\AppData\Local\Google
2014-08-01 21:52 - 2014-08-01 21:52 - 00000000 ____D () C:\Users\Beth\Documents\Flood2014
2014-08-01 19:35 - 2012-04-03 22:39 - 00000000 ____D () C:\Users\Beth\AppData\Local\Microsoft Help
2014-07-31 19:41 - 2014-08-14 06:49 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-14 06:49 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 19:04 - 2014-07-27 19:04 - 00000000 ____D () C:\ProgramData\GZ
2014-07-27 18:14 - 2014-07-27 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 10:52 - 2014-08-14 06:49 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 10:02 - 2014-08-14 06:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 10:01 - 2014-08-14 06:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 09:51 - 2014-08-14 06:49 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 09:30 - 2014-08-14 06:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 09:28 - 2014-08-14 06:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 09:28 - 2014-08-14 06:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 09:25 - 2014-08-14 06:49 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 09:25 - 2014-08-14 06:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 09:11 - 2014-08-14 06:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 09:10 - 2014-08-14 06:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 09:04 - 2014-08-14 06:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 09:03 - 2014-08-14 06:49 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 09:00 - 2014-08-14 06:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 09:00 - 2014-08-14 06:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 08:59 - 2014-08-14 06:49 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 08:47 - 2014-08-14 06:49 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 08:40 - 2014-08-14 06:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 08:34 - 2014-08-14 06:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 08:34 - 2014-08-14 06:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 08:33 - 2014-08-14 06:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 08:30 - 2014-08-14 06:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 08:28 - 2014-08-14 06:49 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 08:28 - 2014-08-14 06:49 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 08:21 - 2014-08-14 06:49 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 08:19 - 2014-08-14 06:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 08:18 - 2014-08-14 06:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 08:17 - 2014-08-14 06:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 08:17 - 2014-08-14 06:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 08:12 - 2014-08-14 06:49 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 08:10 - 2014-08-14 06:49 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 08:10 - 2014-08-14 06:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 08:08 - 2014-08-14 06:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 08:06 - 2014-08-14 06:49 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 07:52 - 2014-08-14 06:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 07:47 - 2014-08-14 06:49 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 07:43 - 2014-08-14 06:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 07:42 - 2014-08-14 06:49 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 07:39 - 2014-08-14 06:49 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 07:39 - 2014-08-14 06:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 07:36 - 2014-08-14 06:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 07:34 - 2014-08-14 06:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 07:29 - 2014-08-14 06:49 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 07:23 - 2014-08-14 06:49 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 07:13 - 2014-08-14 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 07:07 - 2014-08-14 06:49 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 07:07 - 2014-08-14 06:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 07:03 - 2014-08-14 06:49 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 06:52 - 2014-08-14 06:49 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 06:26 - 2014-08-14 06:49 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 06:17 - 2014-08-14 06:49 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 06:09 - 2014-08-14 06:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 06:05 - 2014-08-14 06:49 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 06:00 - 2014-08-14 06:49 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\Beth\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 11:13
 
==================== End Of Log ============================
 
 
Additional Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by Beth at 2014-08-24 21:40:12
Running from C:\Users\Beth\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60928.0618 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD System Monitor (HKLM-x32\...\{4144F415-7434-4501-97DE-CED4FAF64E7D}) (Version: 1.0.6 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Boardmaker Plus! (HKLM-x32\...\Boardmaker Plus!) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.6.3 (HKLM-x32\...\{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}) (Version: 4.6.3.8096 - Evernote Corp.)
Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{999164B6-5B78-4DD3-BACE-7292640AD0DD}) (Version: 3.1.0.9760 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Secure Download Manager (HKLM-x32\...\{718B4606-2FEF-411B-B96E-4FC53B91EBC0}) (Version: 3.1.01 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TweetDeck (HKLM-x32\...\{C5AC39F1-001D-4338-84C6-35109525588A}) (Version: 1.0.0 - Twitter, Inc.)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-07-2014 19:05:00 Windows Update
06-07-2014 15:27:26 Windows Update
06-07-2014 23:08:55 Windows Backup
06-07-2014 23:18:28 Windows Backup
09-07-2014 18:41:10 Windows Update
13-07-2014 06:41:54 Windows Update
13-07-2014 23:00:17 Windows Backup
15-07-2014 19:32:53 Windows Backup
16-07-2014 21:02:04 Windows Update
19-07-2014 23:16:57 Windows Backup
20-07-2014 00:24:32 Windows Backup
20-07-2014 04:12:56 Windows Update
20-07-2014 07:00:56 Windows Backup
20-07-2014 20:06:04 Installed Java 7 Update 65
20-07-2014 23:00:14 Windows Backup
24-07-2014 21:48:07 Windows Update
27-07-2014 23:00:14 Windows Backup
02-08-2014 03:43:05 Removed Google Drive
02-08-2014 15:04:05 Removed QuickTime 7
04-08-2014 00:17:31 Windows Backup
10-08-2014 23:00:26 Windows Backup
15-08-2014 00:55:57 Windows Update
17-08-2014 23:00:32 Windows Backup
21-08-2014 01:09:53 Windows Update
24-08-2014 23:00:22 Windows Backup
25-08-2014 00:49:15 OTL Restore Point - 8/24/2014 8:49:14 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1C6583CC-E56F-4E95-BDDF-4F9ED7F7BD51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {1F5E97BD-CD43-4EC7-9C17-521D2199115E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {24024C96-1EAD-4BEA-A168-3C284A5CAC3B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PPT-Beth PPT => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {257E887B-45D9-41DD-B335-85414074DEEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2AD65816-6433-41AC-A4A4-AEE36D6EF047} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {4ADF271F-8AFF-4EA0-9D6A-A88C3E5C316F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {55876714-F16E-4373-A5FE-50616AAF0CC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {62BEB4B5-E9A7-4F48-986D-227CD8E1BD86} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {71255D65-618B-4D61-9A3E-80872A95C6BF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {9EE67ADB-CAFF-468B-AA51-2A91AF69BAFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {A33A5142-30FB-407D-B1A6-6755BD7C93B4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {A78B6307-9A82-45F8-89D1-68A745FBD362} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A979D87B-2ADA-44D0-A471-23BF35F436C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AF81F5DC-8EA0-41F8-B42F-07979321C9B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {BFC0059F-C0EC-4CB4-AF19-C8635E3D5641} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C4CF5D96-D824-44B8-BC59-0C8FFF90672A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {D5FE9D7C-F4E7-487A-8DE7-D70C27625CBA} - System32\Tasks\Amazon Music Helper => C:\Users\Beth\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
Task: {DF6AA2DE-AC06-4327-A3B3-A6F2FEEABB2A} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {E7C87CB9-2766-4D89-8654-421F93B17029} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {FDF27547-272E-413F-9049-8914B8CEBA6F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FEAAB4EB-480D-4E4A-A439-60D27CF13C33} - System32\Tasks\HPCeeScheduleForBeth => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBeth.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-22 01:54 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-07-22 01:54 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2011-09-28 07:19 - 2011-09-28 07:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-09-28 07:19 - 2011-09-28 07:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 07:06 - 2011-09-28 07:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-08-24 21:31 - 2014-08-24 21:31 - 00098816 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32api.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00110080 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\pywintypes27.dll
2014-08-24 21:31 - 2014-08-24 21:31 - 00364544 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\pythoncom27.dll
2014-08-24 21:31 - 2014-08-24 21:31 - 00045568 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_socket.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 01160704 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_ssl.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00320512 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32com.shell.shell.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00713216 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_hashlib.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 01175040 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._core_.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00805888 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._gdi_.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00811008 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._windows_.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 01062400 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._controls_.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00735232 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._misc_.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00128512 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_elementtree.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00127488 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\pyexpat.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00557056 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\pysqlite2._sqlite.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00007168 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\hashobjs_ext.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00087552 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_ctypes.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00119808 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32file.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00108544 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32security.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00018432 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32event.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00038912 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32inet.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00070656 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._html2.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00167936 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32gui.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00011264 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32crypt.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00027136 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\_multiprocessing.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00686080 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\unicodedata.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00122368 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._wizard.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00010240 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\select.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00024064 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32pipe.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00025600 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32pdh.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00525640 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\windows._lib_cacheinvalidation.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00035840 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32process.pyd
2014-08-24 21:32 - 2014-08-24 21:32 - 00017408 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32profile.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00022528 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\win32ts.pyd
2014-08-24 21:31 - 2014-08-24 21:31 - 00078336 _____ () C:\Users\Beth\AppData\Local\Temp\_MEI33402\wx._animate.pyd
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-15 20:23 - 2014-08-06 23:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Beth\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Beth\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Beth\Desktop\OTL.exe:BDU
AlternateDataStreams: C:\Users\Beth\Downloads\spybot-2.4.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2014 09:32:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 09:11:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:11:06 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (08/24/2014 05:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 05:23:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.4.40.217, time stamp: 0x535a5114
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xb9c
Faulting application start time: 0xSDFSSvc.exe0
Faulting application path: SDFSSvc.exe1
Faulting module path: SDFSSvc.exe2
Report Id: SDFSSvc.exe3
 
Error: (08/24/2014 04:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 04:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1023990
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1023990
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (08/24/2014 09:34:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/24/2014 09:30:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/24/2014 09:13:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (08/24/2014 09:10:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/24/2014 08:48:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ABBYY FineReader 9.0 Sprint Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/24/2014 05:26:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/24/2014 04:46:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/24/2014 04:07:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/24/2014 01:56:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (08/24/2014 00:39:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
 
Microsoft Office Sessions:
=========================
Error: (08/24/2014 09:32:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 09:11:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:11:06 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (08/24/2014 05:27:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 05:23:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDFSSvc.exe2.4.40.217535a5114unknown0.0.0.000000000c000000500000000b9c01cfbfdc7b0c2329C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exeunknownf0c7968f-2bd4-11e4-b0d6-101f74b5dacd
 
Error: (08/24/2014 04:47:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 04:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1023990
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1023990
 
Error: (08/24/2014 01:56:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-3300M APU with Radeon™ HD Graphics
Percentage of memory in use: 58%
Total physical RAM: 3561.41 MB
Available physical RAM: 1489.64 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 4084.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.77 GB) (Free:308.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.83 GB) (Free:0.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 533D6125)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ====


#8
Positivelypt


From Start Up, I'd like to remove:

Acrobat Assistant 8.0

Reader_sl.exe

FUFAXRCV

FUFAXSTM

HPMSGSVC.exe

HPOSD

HPQuickWebProxy

StartCCC

GarminExpressTrayApp

GoogleDriveSync

iCloudServices

Spotify Web Helper

Adobe Gamma Loader.exe



#9
BrianDrab


Excellent Job! Things are looking good. Please follow the next steps below.

 

Step#1 - Software Updater
Did you by chance overlook bullet#2 on Step#2 from the last post? It was to uninstall a program called Software Updater. Please do this or let me know why you decided not to. Thank you.

 

Step#2 - FRST Fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (2.35KB)
    NOTE. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).

2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - Rootkit Scan

1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.

3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#4 - Malwarebytes Scan

 

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

Step#5 - Security Check

 

1. Download Security Check from here or here.

2. Save it to your Desktop.

3. Right-click on SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.

4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

 

 

Step#6 - How's your machine running?

1. Reboot your machine and let me know how your startup is now.

2. Any other concerns with the machine?

 

 

 

Items for your next post

1. Contents of the FRST Fix log 

2. Contents of the Rootkit Scan log

3. Contents of the Malwarebytes log

4. Contents of the Security Check log

5. How's your machine running?



#10
Positivelypt


I think I removed update. Here is Step #2's Log --- still working on the rest.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by Beth at 2014-08-26 18:14:07 Run:1
Running from C:\Users\Beth\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-27] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-37731821-757379780-1568986102-1002\...\Run: [Spotify Web Helper] => C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-17] (Spotify Ltd)
Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKCU - {D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B} URL = 
2014-08-16 06:15 - 2014-08-16 06:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-16 06:05 - 2014-08-16 06:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Beth\Downloads\spybot-2.4.exe
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FUFAXRCV => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FUFAXSTM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Quick Launch => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPOSD => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPQuickWebProxy => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC => value deleted successfully.
HKU\S-1-5-21-37731821-757379780-1568986102-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value deleted successfully.
HKU\S-1-5-21-37731821-757379780-1568986102-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value deleted successfully.
HKU\S-1-5-21-37731821-757379780-1568986102-1002\Software\Microsoft\Windows\CurrentVersion\Run\\iCloudServices => value deleted successfully.
HKU\S-1-5-21-37731821-757379780-1568986102-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper => Value not found.
C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B}" => Key deleted successfully.
"HKCR\CLSID\{D1DE6223-CC53-4EF3-A3DF-9BE8E6A0DA4B}" => Key not found.
C:\Windows\System32\Tasks\Safer-Networking => Moved successfully.
C:\Users\Beth\Downloads\spybot-2.4.exe => Moved successfully.
 
==== End of Fixlog ====



#11
Positivelypt


Step # 3 Log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-26 18:17:03
-----------------------------
18:17:03.882    OS Version: Windows x64 6.1.7601 Service Pack 1
18:17:03.882    Number of processors: 2 586 0x100
18:17:03.883    ComputerName: PPT  UserName: 
18:17:06.147    Initialize success
18:17:06.251    VM: initialized successfully
18:17:06.407    VM: Amd CPU BiosDisabled 
18:17:10.715    VM: supported disk I/O storport.sys
18:19:51.509    The log file has been saved successfully to "C:\Users\Beth\Desktop\aswMBR.txt"
18:20:14.252    AVAST engine defs: 14082601
18:20:20.612    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
18:20:20.619    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
18:20:20.768    Disk 0 MBR read successfully
18:20:20.776    Disk 0 MBR scan
18:20:20.915    Disk 0 Windows 7 default MBR code
18:20:20.919    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
18:20:20.923    Disk 0 default boot code
18:20:20.946    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       457489 MB offset 409600
18:20:20.979    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15187 MB offset 937347072
18:20:21.004    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 968450048
18:20:21.079    Disk 0 scanning C:\Windows\system32\drivers
18:20:36.706    Service scanning
18:20:41.207    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
18:21:07.115    Modules scanning
18:21:07.130    Disk 0 trace - called modules:
18:21:07.161    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys 
18:21:07.167    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045ee2a0]
18:21:07.173    3 CLASSPNP.SYS[fffff88001b4b43f] -> nt!IofCallDriver -> [0xfffffa80040eb830]
18:21:07.179    5 amd_xata.sys[fffff880010a2b3f] -> nt!IofCallDriver -> [0xfffffa80040e84a0]
18:21:07.186    7 ACPI.sys[fffff88000f497a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80040e86c0]
18:21:08.846    AVAST engine scan C:\Windows
18:21:12.613    AVAST engine scan C:\Windows\system32
18:25:49.135    AVAST engine scan C:\Windows\system32\drivers
18:26:05.201    AVAST engine scan C:\Users\Beth
18:39:10.483    AVAST engine scan C:\ProgramData
18:42:49.529    Scan finished successfully
19:17:54.196    Disk 0 MBR has been saved successfully to "C:\Users\Beth\Desktop\MBR.dat"
19:17:54.207    The log file has been saved successfully to "C:\Users\Beth\De


#12
Positivelypt

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/26/2014
Scan Time: 7:22:46 PM
Logfile: anti-malware-log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.26.09
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Beth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311454
Time Elapsed: 18 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-37731821-757379780-1568986102-1002\$r4xngtd.exe.4945.gzquar, , [270ac605097257dfa0abb1a97a879f61], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13
Positivelypt

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#14
Positivelypt


Start up is still slow with black screens and just the pointer at different stages of start up.

 

Java keeps asking to update, I say yes, and then it pops up again later.

 

Also, keeps telling me out of disc space for back ups -- but it has said that since I got the computer (new).  Is there a way to increase the memory used for that so I don't have to use a DVD?

 

Thank you very much for your time.



#15
BrianDrab


"Start up is still slow with black screens and just the pointer at different stages of start up."

 
I just want to confirm that this is still doing this after our fixes. So if you reboot right now you still have the same symptoms and the startup isn't any faster than it was. Please confirm.
 

"Java keeps asking to update, I say yes, and then it pops up again later."

When you say pops up later...do you mean a few minutes later or a day or a week? The reason I ask is that Java is heavily exploited so is updated often. It's not uncommon to have to update this program monthly and sometimes more. You are nearly current with your version so I have to assume it has been updating when you were allowing it.
 

"Also, keeps telling me out of disc space for back ups -- but it has said that since I got the computer (new).  Is there a way to increase the memory used for that so I don't have to use a DVD?"

 
I will need more information on this in order to help you. Windows 7 doesn't have the best built-in backup...it has limitations. Please answer the questions below.


  • What is your goal with backups? Is it to back up your entire computer every time so that if the hard drive dies you can restore the entire thing in totality and be working again? Or is it just to back up your data? If you just back up your data and your hard drive dies, you would have to reload the Windows operating system and then restore your data to it.
  • Did you set up the backup yourself?
  • Is the backup on a schedule or do you just run it on demand when you want?
  • It appears you are backing up to DVD and would like to be able to back up to disk, is this correct?

Thank you.

