OTL Extras logfile created on: 1/29/2014 4:00:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DADDY-O\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19489) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 55.28% Memory free 7.23 Gb Paging File | 5.74 Gb Available in Paging File | 79.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195.31 Gb Total Space | 1.11 Gb Free Space | 0.57% Space Free | Partition Type: NTFS Drive O: | 244.14 Gb Total Space | 68.85 Gb Free Space | 28.20% Space Free | Partition Type: NTFS Drive P: | 259.19 Gb Total Space | 175.76 Gb Free Space | 67.81% Space Free | Partition Type: NTFS Drive X: | 74.50 Gb Total Space | 38.94 Gb Free Space | 52.26% Space Free | Partition Type: NTFS Computer Name: ANDERSON-FAMILY | User Name: DADDY-O | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3096217455-2040595721-2619135751-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2B53D3F7-1A2D-48F8-83FD-DE77687D3C53}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2D76DE47-ECE4-4BDC-B170-18747261CF69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2EE0C8FF-5DCE-41B1-9B46-9B8DA6CFAB43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{300BE177-0C76-48D2-9253-52CA48668E11}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{33EB8D4F-F159-4DE5-8CB6-8E3809B2BE82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{366E5912-2626-4F2E-8830-8E8292C610BC}" = lport=445 | protocol=6 | dir=in | app=system | "{370D2BA2-548E-4E87-A316-AECE15F1990D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39619021-D48C-40F1-A7EA-BF8F3B5F96AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3CD68AA6-3724-4CBC-B827-10358A8A9244}" = lport=139 | protocol=6 | dir=in | app=system | "{52F6893B-8081-42C2-81BF-171ED18D2773}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{5437A658-B01A-4510-B94F-2C9B85A17703}" = rport=10243 | protocol=6 | dir=out | app=system | "{56E7D1F0-6BB7-4555-8A5B-F2C8C1460E56}" = rport=445 | protocol=6 | dir=out | app=system | "{6108D5A9-04CD-4389-99AD-FA052FCA4722}" = lport=138 | protocol=17 | dir=in | app=system | "{70A81C5D-F864-4CF2-A4D9-C210E5A7C954}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73195DDC-0830-46FA-A1F0-7BB4646B4F10}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{7CF852F5-9F17-4F71-8BFA-C18EE69FB4A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A486FC2-94C2-4F89-BA08-B70E3F8EF330}" = rport=137 | protocol=17 | dir=out | app=system | "{936A068F-0FB4-453C-B018-6C1CC05383C2}" = lport=2869 | protocol=6 | dir=in | app=system | "{975E5E24-60AB-45FC-8282-7C0904A80152}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A29D3181-DFC0-4CD4-BE7B-171F16B13C95}" = lport=137 | protocol=17 | dir=in | app=system | "{A6DD8974-1ACB-4BD9-AE93-E079317CA28D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B21B3056-CFD1-4233-A444-1E0982C8BBE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B4D8BF7C-B4AE-4847-B669-99449AD23B7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8027437-C272-4197-86EB-83CA46D8E595}" = rport=138 | protocol=17 | dir=out | app=system | "{B8A69DF7-0455-4FB6-895B-DADD9628C494}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BA81C6EE-A1F6-4821-8F63-3AE2A43068B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C3795D34-955C-40EF-BA0E-48BF4F79D925}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{CA527BB0-5AFE-4461-9DDD-C61E1C3BCF34}" = rport=139 | protocol=6 | dir=out | app=system | "{E63C0F67-64A0-4118-9321-28AB5D346E66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDC8A243-4B43-47CB-BD83-745ECBFD644C}" = lport=8085 | protocol=6 | dir=in | name=okotogate | "{F382E98B-C908-4CAD-BE18-90C860FA5E9A}" = lport=10243 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{078361CD-442E-437B-936F-AFE8E88A7210}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{07966775-9411-4325-8725-F6F11839F6F9}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{0BAAD9BD-22AF-41CC-8A86-721A9C428DBA}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | "{0DB27B17-657E-4378-90BC-4E52E9F38879}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0E1BE6E9-5F58-434D-8062-92A21ED3ED6E}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{10C78E50-D74D-4FE7-9722-F989A740DDBA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{1A973CB6-0C1E-486B-9437-BABFF0D9595B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1D8F741E-DB9B-4832-8CE2-31FA78CFAD42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1DBC0802-7F44-451A-9E24-2E7055F0230B}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{254019DD-F7C9-4DF4-890C-3B05D028D39C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2C83F16E-C59B-4BAC-AB17-8A94C1950ABF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2E40F55B-1FC1-4905-A016-5E3640106AC6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{2EBC6572-51A8-4A70-8A50-1DFA7710CC53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F69830C-3A01-4008-8D96-AA1ACC3F9925}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{329D5530-D5FB-4B41-80EC-7ACD7D8AA949}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe | "{34265B73-18FD-4B89-AE65-5F3485C9643B}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{4318F4CA-C0DF-4236-8DD7-5325D3B5DE6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{55427455-251E-42CF-913B-C14F07EB39BF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{55C9FBEC-E583-41F8-9039-B728E099D8D9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{5F0CD044-43D2-475E-904C-512E26A3D6FD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{6D0A4794-1130-45C4-918A-846BC83B5861}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6DB5EBA8-819C-4E7E-84FA-D908AD44DE5F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{70E31B6B-612D-4F34-918D-5786F09B3CD5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{7441C3BE-A1F7-4936-80A6-6ED05DA33A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{76F9BB21-AACB-4D05-9EA3-F7C983E848A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7CD5AE5F-DCA0-4AFA-B760-1F02D057AA59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7EBBE8ED-E482-4B95-A653-751AA9DC2782}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{865541BF-8898-47C7-BB14-9A365E36C1A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C70D963-4CB8-463F-AC1E-330C71496802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8EB50286-0316-420C-A829-843D4253278B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{9206EEA4-9F39-466A-871F-4EAE5767EF16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{94DDE41C-6CFA-4FF8-9D6B-02C15AF67B0A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{9701E00C-DE5B-4F17-AEAC-9927665C5FB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9F31F708-1AEC-45CC-9815-7F8570000EFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{A4B52958-7382-40F7-A732-13BB5149A18C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A801C485-528E-446C-A51E-EF42E7820CF7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{A9755A04-9C4E-4F41-B3DF-292E5EC1FCB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{ADBF6EDD-7EC7-4929-98EE-AF4F1DDF05D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B09FAAA2-F8BB-407F-8391-9876C9902701}" = dir=in | app=c:\program files\avg\avg8\avgam.exe | "{BD28135C-95FC-447D-96EC-4432C8580BD3}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{BD3B639A-89C1-4BF2-A0D5-058440FEFDC5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{C7A29CE6-9CB4-44CC-BCF1-712F5A922A86}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{CD17B531-C2C3-4FF9-B097-6A427AFEF2B9}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe | "{CD1E8140-BB83-4615-9C70-C4C872BA727C}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{D9DA4B13-AE09-4A4A-B85E-0E4D608F4DD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E0D59E37-C1FD-4F85-8524-AA11834AF3C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{E25A3FC8-E058-4726-9559-EA9D7D9A5181}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | "{E538A988-52DE-43ED-BA86-DA8EE2F86870}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{E590F201-E2EC-42C3-82FD-D4663CFCA977}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | "{EA46F337-C0F2-4ED0-A1BD-E9ACE293033A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EC9800B7-672D-40DC-9101-7F6EE955B242}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{EDFD5DBA-216A-46B1-96A7-FE12260DC97E}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | "{F0EDF6F1-B9FE-4051-8D43-21FCFFD50DF7}" = protocol=6 | dir=out | app=system | "{F3A356E1-A6C7-4812-88A1-698AA4288E41}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F86454A6-8539-4007-AB9F-C1B02F993366}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{FBB4970A-EA28-4CB4-A8E9-3DB250B3B16A}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe | "{FCA36B8B-263A-4DB6-943D-851113BFE037}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{FFCC279A-7E26-4E9E-8C1A-62BC65318DB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{171E73CE-2078-47EF-B17A-71050B6D0FCD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{33DE5F51-F64B-41AE-9DE3-A2658D90D87E}C:\windows\system32\cimsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\cimsvr.exe | "TCP Query User{502B1932-5610-4B44-8611-F80C12B1AE59}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{FC0A2903-D4FB-477C-B849-E39749A10C6D}P:\unrealtournament 99\unrealtournament\system\unrealtournament.exe" = protocol=6 | dir=in | app=p:\unrealtournament 99\unrealtournament\system\unrealtournament.exe | "UDP Query User{862CA6A7-EB27-484D-994E-CD207EEDE701}P:\unrealtournament 99\unrealtournament\system\unrealtournament.exe" = protocol=17 | dir=in | app=p:\unrealtournament 99\unrealtournament\system\unrealtournament.exe | "UDP Query User{A2159613-9048-4485-8F9B-C6516A432C09}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{DE5F0E31-E458-4057-8A73-329993365811}C:\windows\system32\cimsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\cimsvr.exe | "UDP Query User{FC1212B5-C0D0-4F62-8A13-9A321DE8E163}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02C2F0BB-B480-4121-BE86-33B70E53070B}" = Perfect PDF Creator Essentials "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40B939D8-C0DC-44E3-9EEF-DE3301B861A8}" = GEAR driver installer for x86 and x64 "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5 "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6D2693D3-2134-6D45-9A18-CC15CB1604BC}" = AVATAR Interactive Desktop "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}" = iCloud "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{81FAD5EA-19B2-4A06-89EC-D65CD23AAD55}" = AVG 2013 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8ADC6E57-8B8F-4E92-9E43-606E4D4FBFE9}" = AVG 2013 "{8D3CA626-155B-B851-C21F-C5E818FC1C32}" = Vimeo Uploader "{8E49C988-C8F1-4197-AA6B-94E49751F5D7}" = Microsoft IntelliType Pro 6.3 "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9) "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200 "{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help "{CF77710A-4915-4FC7-AD3F-9F40BDE0E13E}" = RepairSolutions "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E25A469A-2E07-40F5-8B9E-C13B1358A431}" = calibre "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5 "Any Video Converter_is1" = Any Video Converter 3.3.7 "AVG" = AVG 2013 "com.oskoui-oskoui.avatar" = AVATAR Interactive Desktop "CutePDF Writer Installation" = CutePDF Writer 2.8 "DivX Setup" = DivX Setup "FileParade bundle uninstaller" = FileParade bundle uninstaller "FrostWire 5" = FrostWire 5.6.9 "Hardwood Solitaire III Lite" = Hardwood Solitaire III Lite "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "New LEGO Digital Designer" = LEGO Digital Designer "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Toshiba Backup Software" = Toshiba Backup Software "Toshiba Power Saver" = Toshiba Power Saver "vimeo.Duplo.3E2F2984357E7A95AE95C69EF2C5C14640284048.1" = Vimeo Uploader "WinRAR archiver" = WinRAR 5.01 (32-bit) "Xvid Video Codec 1.3.2" = Xvid Video Codec [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "UnityWebPlayer" = Unity Web Player [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 1/22/2014 12:24:53 AM | Computer Name = Anderson-Family | Source = Windows Search Service | ID = 3013 Description = Error - 1/22/2014 12:26:43 AM | Computer Name = Anderson-Family | Source = Windows Search Service | ID = 3013 Description = Error - 1/22/2014 12:26:43 AM | Computer Name = Anderson-Family | Source = Windows Search Service | ID = 3013 Description = Error - 1/26/2014 12:44:25 AM | Computer Name = Anderson-Family | Source = Windows Search Service | ID = 3013 Description = Error - 1/26/2014 12:44:25 AM | Computer Name = Anderson-Family | Source = Windows Search Service | ID = 3013 Description = Error - 1/27/2014 2:12:58 AM | Computer Name = Anderson-Family | Source = MsiInstaller | ID = 11920 Description = Error - 1/27/2014 2:22:43 AM | Computer Name = Anderson-Family | Source = MsiInstaller | ID = 11920 Description = Error - 1/28/2014 8:18:00 PM | Computer Name = Anderson-Family | Source = MsiInstaller | ID = 11920 Description = Error - 1/28/2014 8:18:32 PM | Computer Name = Anderson-Family | Source = MsiInstaller | ID = 11920 Description = Error - 1/28/2014 8:19:29 PM | Computer Name = Anderson-Family | Source = MsiInstaller | ID = 11920 Description = [ System Events ] Error - 1/28/2014 8:19:02 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7000 Description = Error - 1/28/2014 8:23:26 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7006 Description = Error - 1/28/2014 8:26:52 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7038 Description = Error - 1/28/2014 8:26:52 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7000 Description = Error - 1/29/2014 1:26:47 AM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7006 Description = Error - 1/29/2014 7:49:11 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7009 Description = Error - 1/29/2014 7:49:11 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7000 Description = Error - 1/29/2014 7:49:11 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7001 Description = Error - 1/29/2014 7:50:33 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7038 Description = Error - 1/29/2014 7:50:33 PM | Computer Name = Anderson-Family | Source = Service Control Manager | ID = 7000 Description = < End of report >