I have run MBAM and came out with 200 some malwares. Deleted them. Also ran a quick scan with avast which deleted two, and one boot scan which deleted one item. Currently running a full scan.
for the record, I dont know how long this computer has been infected. Just started using it the other day and my girl says its always been like this. If any of these log files are time sensitive, will they pick up any irregularities ?
Here is OTL log - Thanks for any help.
OTL logfile created on: 2/22/2014 5:02:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.74 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 60.95% Memory free
15.48 Gb Paging File | 11.92 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 462.94 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.23 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/22 17:01:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Downloads\OTL.exe
PRC - [2014/02/22 11:29:15 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/22 11:29:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/20 17:36:10 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/02/20 17:35:51 | 001,758,160 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/02/19 18:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/22 12:47:36 | 001,102,656 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\Heidi\AppData\Roaming\VERIZON\UA_ar\UA.exe
PRC - [2014/01/21 21:41:34 | 000,454,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Controller.exe
PRC - [2014/01/15 18:03:10 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Heidi\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/15 18:03:10 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/15 18:03:10 | 000,603,648 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\chrome.exe
PRC - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2009/08/05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/03/16 00:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 00:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 00:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/22 14:35:31 | 001,157,120 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_ssl.pyd
MOD - [2014/02/22 14:35:31 | 000,811,008 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._windows_.pyd
MOD - [2014/02/22 14:35:31 | 000,805,888 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._gdi_.pyd
MOD - [2014/02/22 14:35:31 | 000,712,192 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_hashlib.pyd
MOD - [2014/02/22 14:35:31 | 000,110,080 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\PyWinTypes27.dll
MOD - [2014/02/22 14:35:31 | 000,026,624 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_multiprocessing.pyd
MOD - [2014/02/22 14:35:30 | 001,175,040 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._core_.pyd
MOD - [2014/02/22 14:35:30 | 001,062,400 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._controls_.pyd
MOD - [2014/02/22 14:35:30 | 000,735,232 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._misc_.pyd
MOD - [2014/02/22 14:35:30 | 000,686,080 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\unicodedata.pyd
MOD - [2014/02/22 14:35:30 | 000,557,056 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pysqlite2._sqlite.pyd
MOD - [2014/02/22 14:35:30 | 000,525,640 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\windows._lib_cacheinvalidation.pyd
MOD - [2014/02/22 14:35:30 | 000,364,544 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pythoncom27.dll
MOD - [2014/02/22 14:35:30 | 000,320,512 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32com.shell.shell.pyd
MOD - [2014/02/22 14:35:30 | 000,128,512 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_elementtree.pyd
MOD - [2014/02/22 14:35:30 | 000,127,488 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pyexpat.pyd
MOD - [2014/02/22 14:35:30 | 000,122,368 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._wizard.pyd
MOD - [2014/02/22 14:35:30 | 000,119,808 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32file.pyd
MOD - [2014/02/22 14:35:30 | 000,108,544 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32security.pyd
MOD - [2014/02/22 14:35:30 | 000,098,816 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32api.pyd
MOD - [2014/02/22 14:35:30 | 000,087,040 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_ctypes.pyd
MOD - [2014/02/22 14:35:30 | 000,070,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._html2.pyd
MOD - [2014/02/22 14:35:30 | 000,044,032 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_socket.pyd
MOD - [2014/02/22 14:35:30 | 000,038,912 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32inet.pyd
MOD - [2014/02/22 14:35:30 | 000,035,840 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32process.pyd
MOD - [2014/02/22 14:35:30 | 000,025,600 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32pdh.pyd
MOD - [2014/02/22 14:35:30 | 000,024,064 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32pipe.pyd
MOD - [2014/02/22 14:35:30 | 000,022,528 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32ts.pyd
MOD - [2014/02/22 14:35:30 | 000,018,432 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32event.pyd
MOD - [2014/02/22 14:35:30 | 000,017,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32profile.pyd
MOD - [2014/02/22 14:35:30 | 000,011,264 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32crypt.pyd
MOD - [2014/02/22 14:35:30 | 000,010,240 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\select.pyd
MOD - [2014/02/22 11:29:16 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/19 18:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 18:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 18:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 18:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 18:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 18:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 18:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/01/21 21:41:34 | 000,454,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Controller.exe
MOD - [2014/01/15 18:03:10 | 036,967,424 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/15 18:03:10 | 000,887,808 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/01/15 18:03:10 | 000,603,648 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/15 18:03:10 | 000,109,568 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll
MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/13 05:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\GC\Profiles\{17329118-EA70-4BE7-A597-02E391A664CE}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2012/10/03 10:39:00 | 000,355,328 | ---- | M] () -- c:\Program Files (x86)\WxDownload\sprotector.dll
MOD - [2012/10/03 10:39:00 | 000,355,328 | ---- | M] () -- c:\Program Files (x86)\BrowseToSave\sprotector.dll
MOD - [2009/08/05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/22 11:29:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 15:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/20 17:36:10 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/02/26 15:41:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 21:16:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/03/12 21:00:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe -- (Creative HOAL Licensing Service)
SRV - [2010/03/12 20:59:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/26 05:52:42 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/02/22 11:29:20 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/22 11:29:20 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/22 11:29:20 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/22 11:29:20 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/22 11:29:20 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/02/22 11:29:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/02/22 11:29:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/18 09:51:53 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 17:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 17:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 17:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/07/13 20:17:12 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/07/13 20:17:00 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/07/13 20:16:58 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 11:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 00:10:07 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/22 00:25:17 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/22 00:25:17 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/22 00:25:17 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 00:25:17 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/22 00:25:17 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/31 04:10:58 | 000,237,936 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/28 15:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/08 15:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/05/05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/04/10 01:20:30 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV - [2014/01/30 08:13:38 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140131.002\ex64.sys -- (NAVEX15)
DRV - [2014/01/30 08:13:38 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140131.002\eng64.sys -- (NAVENG)
DRV - [2014/01/18 16:26:00 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20140131.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/11/19 03:53:12 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/19 03:53:12 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{1488B0D8-C8BA-4917-9369-A1E8D65796BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{888EFBE6-24C9-4FEA-867A-D906915A4D3D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{1488B0D8-C8BA-4917-9369-A1E8D65796BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{888EFBE6-24C9-4FEA-867A-D906915A4D3D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {350EA9D6-5B5D-4AF0-8BFE-D42FA2D452F8}
IE - HKCU\..\SearchScopes\{350EA9D6-5B5D-4AF0-8BFE-D42FA2D452F8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/19 02:28:28 | 000,000,000 | ---D | M]
[2009/12/06 18:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions
[2009/12/06 18:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions\[email protected]
========== Chrome ==========
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\30.9_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\32.10_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\32.11_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.71_0\crossrider
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.71_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfpphcfebnafpojbfdlnjpojlpmohij\4_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi\10.26.7.519_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.26.7.519_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (wxDownload Class) - {18B74079-1DEA-4E7C-D18F-46E7E84C8C35} - C:\ProgramData\wxDownload\509566c8ec297.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify] C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\Heidi\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077F3A70-7717-4D92-A7AF-35F3424AC6FF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (c:\progra~2\wxdown~1\sprote~1.dll) - c:\Program Files (x86)\WxDownload\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7e3d2dce-699c-11e3-92e9-002655484a9c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e3d2dce-699c-11e3-92e9-002655484a9c}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{a273f151-8a8f-11e2-a6f5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a273f151-8a8f-11e2-a6f5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/22 11:31:36 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\AVAST Software
[2014/02/22 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/02/22 11:29:56 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/22 11:29:52 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/22 11:29:50 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/22 11:29:48 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/22 11:29:45 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/22 11:29:33 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/22 11:29:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/22 11:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/22 11:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/02/21 22:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2014/02/21 22:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/02/21 22:17:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/02/21 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/02/21 22:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/02/21 22:16:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon2.0_Log
[2014/02/21 22:16:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\VERIZON
[2014/02/21 12:28:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/19 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/19 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/19 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Malwarebytes
[2014/02/19 19:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 19:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 19:54:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 19:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Programs
[2014/02/18 21:46:24 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/02/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/02/09 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\GCC
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/22 16:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/22 16:23:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/22 14:35:28 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/22 14:29:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 14:29:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 14:22:26 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHeidi.job
[2014/02/22 14:22:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 12:19:03 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/22 11:30:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/22 11:29:20 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/22 11:29:20 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/22 11:29:20 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/22 11:29:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/22 11:29:20 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/22 11:29:20 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/22 11:29:20 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/22 11:29:17 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/22 11:29:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/22 01:38:32 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Heidi.job
[2014/02/21 22:52:35 | 001,639,460 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.JPG
[2014/02/21 22:52:33 | 004,828,287 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
[2014/02/21 22:17:00 | 000,001,968 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
[2014/02/20 19:27:35 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 19:55:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/18 21:46:24 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/02/17 00:26:02 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/02/17 00:26:02 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/02/17 00:26:02 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/02/14 23:03:05 | 000,038,876 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
[2014/02/14 23:03:05 | 000,014,707 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.JPG
[2014/02/14 10:05:30 | 004,828,287 | ---- | M] () -- C:\Users\Heidi\Desktop\House Exterior.jpg
[2014/02/13 03:14:00 | 000,746,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/13 03:14:00 | 000,628,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/13 03:14:00 | 000,108,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/07 09:06:56 | 000,000,875 | ---- | M] () -- C:\Users\Heidi\Desktop\BitTorrent.lnk
[2014/02/07 09:06:56 | 000,000,855 | ---- | M] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/01/31 11:31:12 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/02/22 11:30:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/22 11:29:54 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/22 11:29:53 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/21 22:52:34 | 004,828,287 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
[2014/02/21 22:52:34 | 001,639,460 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.JPG
[2014/02/21 22:17:00 | 000,001,968 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
[2014/02/19 22:19:54 | 577,052,582 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E05 - The Wolf and the Lion.avi
[2014/02/19 22:19:07 | 577,023,976 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E04 - Cripples, [bleep]s and Broken Things.avi
[2014/02/19 22:18:21 | 576,992,536 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E03 - Lord Snow.avi
[2014/02/19 19:55:00 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 23:03:05 | 000,038,876 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
[2014/02/14 23:03:05 | 000,014,707 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.JPG
[2014/02/14 10:05:30 | 004,828,287 | ---- | C] () -- C:\Users\Heidi\Desktop\House Exterior.jpg
[2014/02/12 22:21:15 | 577,065,206 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E02 - The Kingsroad.avi
[2014/01/07 12:29:35 | 000,823,346 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpRANDOM 2009 024.JPG
[2014/01/07 12:29:34 | 003,330,516 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpRANDOM 2009 024.0
[2014/01/07 12:22:51 | 000,153,204 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmp2011 104.0
[2014/01/07 12:22:51 | 000,092,006 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmp2011 104.JPG
[2013/07/31 16:42:03 | 000,000,632 | RHS- | C] () -- C:\Users\Heidi\ntuser.pol
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/04 16:34:15 | 003,200,960 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 161.0
[2012/02/04 16:34:15 | 001,251,100 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 161.JPG
[2012/01/08 22:16:48 | 002,805,768 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 188.0
[2012/01/08 22:16:48 | 000,434,304 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 188.JPG
[2012/01/08 22:14:12 | 003,360,781 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 183.0
[2012/01/08 22:14:12 | 001,049,162 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 183.JPG
[2012/01/08 22:11:50 | 002,987,763 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 185.0
[2012/01/08 22:11:50 | 000,702,324 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 185.JPG
[2012/01/08 22:11:13 | 003,148,665 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 184.0
[2012/01/08 22:11:13 | 000,909,962 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 184.JPG
[2012/01/08 22:10:42 | 000,697,823 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.2
[2012/01/08 22:10:41 | 000,704,246 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.1
[2012/01/08 22:10:39 | 000,707,635 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.JPG
[2012/01/08 22:10:38 | 003,049,190 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.0
[2011/04/03 12:09:01 | 000,228,934 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\UserTile.png
[2011/02/18 22:21:19 | 000,788,085 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpFRED.JPG
[2011/02/03 21:55:41 | 000,040,736 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].1
[2011/02/03 21:55:40 | 000,108,888 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].0
[2011/02/03 21:55:40 | 000,040,745 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].JPG
[2010/12/15 19:02:11 | 000,680,525 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 141.JPG
[2010/12/15 19:02:10 | 002,849,514 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 141.0
[2010/12/15 19:01:26 | 000,713,111 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 140.JPG
[2010/12/15 19:01:25 | 002,931,818 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 140.0
[2010/10/04 20:24:53 | 000,030,814 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpWORLDS-LARGEST-AND-WEIRDEST-BUNNY.JPG
[2010/03/09 19:04:55 | 000,026,449 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSC03618.JPG
[2010/03/09 19:04:55 | 000,026,346 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSC03618.0
[2010/02/19 15:50:35 | 000,578,256 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN9156.JPG
[2010/02/19 15:50:34 | 000,559,897 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN9156.0
[2010/01/11 20:34:49 | 001,176,251 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpIMG_0070.JPG
[2010/01/11 20:34:48 | 002,565,389 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpIMG_0070.0
[2009/12/29 11:45:01 | 000,940,531 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0845.JPG
[2009/12/24 13:19:27 | 000,608,048 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0800.JPG
[2009/12/24 13:19:26 | 001,862,850 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0800.0
[2009/12/24 13:07:59 | 002,522,941 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0784.JPG
[2009/12/24 13:04:13 | 002,522,941 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0784.0
[2009/12/24 12:59:58 | 002,657,112 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0765.0
[2009/12/24 12:59:58 | 000,924,404 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0765.JPG
[2009/12/04 20:36:39 | 000,000,060 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/02/22 11:31:36 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\AVAST Software
[2014/02/10 16:27:02 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\BitTorrent
[2011/10/20 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\GARMIN
[2013/08/03 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\LimeWire
[2011/02/06 01:44:01 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\LolClient
[2010/04/29 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\mjusbsp
[2009/12/02 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\PictureMover
[2012/07/22 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\SMART Technologies
[2012/07/22 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\SMART Technologies Inc
[2014/02/22 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Spotify
[2010/12/22 19:07:35 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Template
[2010/02/02 21:32:38 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >
And here is the Extras information.
OTL Extras logfile created on: 2/22/2014 5:02:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.74 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 60.95% Memory free
15.48 Gb Paging File | 11.92 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 462.94 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.23 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D66ED1-D442-47D2-94CA-B25372901837}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{058002C1-17B2-4CE8-979B-EED5AFA8094B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0AF2C911-FF77-43A9-B8C9-71CF4011F30A}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B6B2CB6-D096-4A97-9F00-63B777FE6CF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1E05456C-9549-494E-88C5-7D1BF04C708B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E77EA9A-98D8-4A78-AA96-C198B0682216}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1EF450A4-D499-4283-9871-DA5E66E6CF2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2467921D-5E8E-4DE0-886A-E6471AED1D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2795CCC7-C758-4D46-AA40-EA6043DEADD6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28FF1AA3-755D-4988-9BCD-1E2D858E526B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B24B242-E856-41EB-ABEC-9D8EA549EB43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{312894AB-BB97-4946-A666-4E99138A05F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{34C2F831-5302-408D-8A59-F0B45147A0A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35F02448-252C-4FC0-BE91-AF14D5D62472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54E00B6E-558E-44E6-BBF2-DD7904F876CF}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{57023516-06E2-441B-8767-29C76F0F80B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67B7CD94-83AB-4FB3-80F8-26BC47C9DF99}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{6A7E598E-A17F-4F1A-9D99-DB817A7C126A}" = rport=137 | protocol=17 | dir=out | app=system |
"{722AB39B-276D-45BD-9E27-5CFCFCB75BEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77524C20-AF48-4BE2-ACBF-A27F5971713B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77E1795A-C567-42D9-A81F-6CBF6E77BEE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{781FE154-890C-4223-8A7B-E84D4614827B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DB7A3E5-508E-4B30-96A2-2D9AAB620F80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DB945A9-804D-48CE-B13D-D8EFC9850787}" = lport=137 | protocol=17 | dir=in | app=system |
"{803FD5DD-AF5F-4A00-BA13-1EF1B3EEE2F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88DBC8EA-2952-4325-85FE-30604F0731E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A3637D1-75F4-4D3B-9E74-64E71FE762DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{8AC8A324-2369-40DE-92F3-B836E210BB00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB9550B1-4B9B-41A4-B916-FE9F557CBA55}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BA92A334-F9BB-49F4-990C-0201A6AA4352}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAB68302-FA4B-4487-86F9-1B4595EF75ED}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{BC1413FA-C3A8-45E3-B545-806C34576BE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DAD14DB6-3CBC-496C-95BE-2D3B836B047B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E174D311-8586-4224-B5CB-F5C227FE8015}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{E4CF84A8-2477-4C2B-9E75-1E22281C1E33}" = lport=445 | protocol=6 | dir=in | app=system |
"{E929045F-00CF-4E55-9B7D-7D66476FFC76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D3F875-D31A-4CB6-BB2F-74F5289C4440}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08D34353-1041-4C68-B318-CB547A87BD2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0AC49250-B548-496F-877A-4F62A90DED06}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B364113-3082-4E59-B7F9-C76ED798BEBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{102811AF-B1F9-4E02-9993-E5495DED9C2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1353C601-BA9C-4FB8-8A62-587CC5A978DD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{190D53EC-5720-4AD0-8BEE-D010275A61A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{1EF2913E-AA18-460E-A5C1-D19DEB86421C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{20CFE74A-873C-4A8A-B2BB-D8CB4C311731}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{258627A7-E9AF-484B-BF16-C4E43C50DF08}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{32D9EAB6-8F19-467B-A9DB-DF596DB28A47}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32F3FBD3-7BE4-49D6-9BFF-0A393870AF15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3679FA3D-9737-4759-84E8-1FFA9EB55AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{3882361E-E0CD-453C-B9A8-3972DFB86CDC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{38EBF4C5-96D6-49E5-903D-288C97CD2EDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39402D85-A385-4737-B2F1-BA515DB3DF22}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{3FCA617D-BB0C-461E-A030-639F347FDE60}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{41BCD985-9A01-4014-A1A5-147DA81EDF37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{468770B8-028A-450D-BFE4-4F16E5AC9459}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{47EC22F6-16A5-4A4F-B457-1C805B0DC990}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{4AC0BD55-73E7-4CF6-8972-F91AF42F6B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FA4B8D0-6766-4537-9B98-6A6A527F492B}" = protocol=1 | dir=out | [email protected],-28544 |
"{502ED036-2B70-4932-BB78-8FDBEA11B938}" = protocol=58 | dir=out | [email protected],-28546 |
"{555A076B-7D2E-4B54-9247-0308F3132F30}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{556E7F85-556E-4C5F-B703-6EC7FFB1DD22}" = protocol=17 | dir=in | app=c:\users\heidi\appdata\roaming\bittorrent\bittorrent.exe |
"{5ACBF2F7-F462-44F9-B28F-FB04E1344B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{62635157-BA44-4A33-9F9A-362CB77B7B7F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{64644C9E-457D-4553-8D85-6FF3C475ACC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68A0D332-0E6B-4C47-A85F-5582FDACF778}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6ADD38B1-E885-42C1-9433-849B45A151F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B8258EE-7ED9-46FA-9CDB-1EC8BE7F976B}" = dir=in | app=c:\users\heidi\appdata\local\gcc\controller.exe |
"{6C51E1D8-F2D9-4300-8627-78603492E667}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72A2627A-1BF0-418E-92F2-1BD50214703F}" = protocol=6 | dir=out | app=system |
"{7593631C-F902-43C1-A3D5-CEC707B347CF}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{78B0CFB0-74E5-44C9-9E0B-9FDA7A7F6A81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85BA8618-413A-4B4F-B723-60010E8FBADD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{88B4AF3B-010B-4894-8616-5CBCD2146960}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{973310F4-3857-40E6-AD94-EFA003B1F221}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{97950527-57D7-4608-8D68-945BDDA17AC0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9E5E58D1-7838-4A9F-9098-B86BAD7BF9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A41CE5BF-C6F8-4898-9629-ABEB347AE939}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A4DD6F4C-F881-4C79-A1FA-DB87CFE92F14}" = protocol=6 | dir=in | app=c:\users\heidi\appdata\roaming\bittorrent\bittorrent.exe |
"{A9B67BCB-15B8-46D6-803C-F10563D36345}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AAE4F831-7996-4D79-B0A9-DCA7A429D7BF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{ADC13F4B-5F56-4D1C-A767-E6DCB36655F5}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{AF277E94-ABFD-4BFE-99DB-7E543A5C1509}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B07AF51F-39F6-4C11-9BA1-05448F4F2032}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B193FF59-EB06-4153-99F9-112001E8E2DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B41418FD-C386-4D3B-B96E-C1FC84CC4F71}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4199D72-99C3-49CF-BB9E-37BD205A4CF6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{B7B65336-552E-4C81-951E-0ACF18941E89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBB92DD1-5337-4BE5-BA46-91085ACB371C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{BCCE433C-D7A4-4F34-8BAA-C0BBA9B93840}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{BE02F9D0-55AD-4002-AAAD-87B78BCCC939}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C39DA7FD-A397-4F04-8D0C-5B4B1AF39FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{C3C2DBD8-B84D-4AAD-B20E-769571986B87}" = protocol=58 | dir=in | [email protected],-28545 |
"{C49513DD-F58F-4500-8865-6D26E269AA53}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CD84C9CC-8FF8-45BF-8BD4-7338399CEDEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D390DFAC-5AD7-4857-B629-980BDAF3B016}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39E2F15-1079-4176-BABC-8B533D02FBE0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D5754BF7-A9BD-4EF4-A636-85D8F1B6759E}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{D5F42FF1-3BC1-4C1A-AAC1-5DF73F4B4D78}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DCAD5D66-0E5A-4A45-B167-22B65EB9D644}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{EC0F9110-C272-4501-A4F1-274746EF63A5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{F42AEC5C-767E-431F-85DC-3287C705FCDE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F6C487B9-D9E3-4F1F-B5BA-EAFE992F2604}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{FCCCB74D-B41C-4D33-8EB6-094BD62C054C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{FC8F064B-68BC-4E42-8339-0299476F4AFF}C:\users\heidi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heidi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5D559D1D-1EA9-4B12-86B4-AD784E1FC331}C:\users\heidi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heidi\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3074A81C-BA02-4D42-AFA9-F220EB978AEA}" = WxDownload Expansion
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5B3F429-273D-530D-B1E6-6F1F6E50D6DF}" = BrowseToSave
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
"{041E914E-7B73-4E8B-967F-B7FFC527FF80}" = Verizon Wireless Software Utility Application for Android - Samsung
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" =
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{4F524A2D-5637-006A-76A7-A758B70C0A03}" = Ask Toolbar
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
"{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB743020-0F2D-4E9B-922B-12014902B20F}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
"{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
"{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
"{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3997715-B309-4098-98B6-AADD759A5A61}" = Garmin TOPO U.S. 100K v4
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
"{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
"{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
"{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.5.16
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoFiltre" = PhotoFiltre
"SP_0beb79c1" =
"SP_f2a323db" =
"SysInfo" = Creative System Information
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"wxDownload Fast_is1" = wxDownload Fast 0.6.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004
Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004
Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
Error - 12/10/2012 2:05:43 AM | Computer Name = Heidi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 12/12/2012 3:31:30 AM | Computer Name = Heidi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
[ Hewlett-Packard Events ]
Error - 2/26/2010 6:01:32 PM | Computer Name = Heidi-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ Media Center Events ]
Error - 8/5/2013 10:35:35 PM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:35:35 PM - Error connecting to the internet. 8:35:35 PM - Unable
to contact server..
Error - 8/5/2013 10:36:06 PM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:36:04 PM - Error connecting to the internet. 8:36:04 PM - Unable
to contact server..
Error - 8/9/2013 5:11:06 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 3:11:04 AM - Error connecting to the internet. 3:11:04 AM - Unable
to contact server..
Error - 8/9/2013 6:11:38 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 4:11:37 AM - Error connecting to the internet. 4:11:37 AM - Unable
to contact server..
Error - 8/9/2013 7:12:10 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 5:12:08 AM - Error connecting to the internet. 5:12:08 AM - Unable
to contact server..
Error - 8/9/2013 8:12:42 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 6:12:40 AM - Error connecting to the internet. 6:12:40 AM - Unable
to contact server..
Error - 8/9/2013 10:12:14 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:12:12 AM - Error connecting to the internet. 8:12:12 AM - Unable
to contact server..
[ System Events ]
Error - 2/19/2014 9:22:53 PM | Computer Name = Heidi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:10:54 PM on ?2/?19/?2014 was unexpected.
Error - 2/19/2014 9:27:58 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
Error - 2/19/2014 9:36:19 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =
Error - 2/20/2014 12:11:21 AM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =
Error - 2/21/2014 6:00:49 AM | Computer Name = Heidi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f020b: Canon - Imaging, Other hardware - Canon MG3200 series.
Error - 2/21/2014 10:30:09 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 2/22/2014 12:00:02 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 2/22/2014 1:38:35 AM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =
Error - 2/22/2014 2:15:49 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =
Error - 2/22/2014 5:36:44 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Thanks again