Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer freezes intermittently and avast keeps blocking a website [So

Started by Bhinsz84 , Feb 22 2014 06:36 PM

  • This topic is locked This topic is locked

#1
Bhinsz84
Posted 22 February 2014 - 06:36 PM

Bhinsz84

    Member

  • Member
  • PipPip
  • 75 posts
Howdey howdey - as the title states, the computer freezes up for a few minutes then is fine for a little while. Avast keeps blocking a file or webpage ( will post details on it next time it happens)

I have run MBAM and came out with 200 some malwares. Deleted them. Also ran a quick scan with avast which deleted two, and one boot scan which deleted one item. Currently running a full scan.

for the record, I dont know how long this computer has been infected. Just started using it the other day and my girl says its always been like this. If any of these log files are time sensitive, will they pick up any irregularities ?

Here is OTL log - Thanks for any help.

OTL logfile created on: 2/22/2014 5:02:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 60.95% Memory free
15.48 Gb Paging File | 11.92 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 462.94 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.23 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 17:01:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Downloads\OTL.exe
PRC - [2014/02/22 11:29:15 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/22 11:29:15 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/20 17:36:10 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/02/20 17:35:51 | 001,758,160 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/02/19 18:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/01/22 12:47:36 | 001,102,656 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\Heidi\AppData\Roaming\VERIZON\UA_ar\UA.exe
PRC - [2014/01/21 21:41:34 | 000,454,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Controller.exe
PRC - [2014/01/15 18:03:10 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Heidi\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/15 18:03:10 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/15 18:03:10 | 000,603,648 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\chrome.exe
PRC - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2009/08/05 13:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/03/16 00:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 00:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 00:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/22 14:35:31 | 001,157,120 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_ssl.pyd
MOD - [2014/02/22 14:35:31 | 000,811,008 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._windows_.pyd
MOD - [2014/02/22 14:35:31 | 000,805,888 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._gdi_.pyd
MOD - [2014/02/22 14:35:31 | 000,712,192 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_hashlib.pyd
MOD - [2014/02/22 14:35:31 | 000,110,080 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\PyWinTypes27.dll
MOD - [2014/02/22 14:35:31 | 000,026,624 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_multiprocessing.pyd
MOD - [2014/02/22 14:35:30 | 001,175,040 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._core_.pyd
MOD - [2014/02/22 14:35:30 | 001,062,400 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._controls_.pyd
MOD - [2014/02/22 14:35:30 | 000,735,232 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._misc_.pyd
MOD - [2014/02/22 14:35:30 | 000,686,080 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\unicodedata.pyd
MOD - [2014/02/22 14:35:30 | 000,557,056 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pysqlite2._sqlite.pyd
MOD - [2014/02/22 14:35:30 | 000,525,640 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\windows._lib_cacheinvalidation.pyd
MOD - [2014/02/22 14:35:30 | 000,364,544 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pythoncom27.dll
MOD - [2014/02/22 14:35:30 | 000,320,512 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32com.shell.shell.pyd
MOD - [2014/02/22 14:35:30 | 000,128,512 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_elementtree.pyd
MOD - [2014/02/22 14:35:30 | 000,127,488 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\pyexpat.pyd
MOD - [2014/02/22 14:35:30 | 000,122,368 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._wizard.pyd
MOD - [2014/02/22 14:35:30 | 000,119,808 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32file.pyd
MOD - [2014/02/22 14:35:30 | 000,108,544 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32security.pyd
MOD - [2014/02/22 14:35:30 | 000,098,816 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32api.pyd
MOD - [2014/02/22 14:35:30 | 000,087,040 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_ctypes.pyd
MOD - [2014/02/22 14:35:30 | 000,070,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\wx._html2.pyd
MOD - [2014/02/22 14:35:30 | 000,044,032 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\_socket.pyd
MOD - [2014/02/22 14:35:30 | 000,038,912 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32inet.pyd
MOD - [2014/02/22 14:35:30 | 000,035,840 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32process.pyd
MOD - [2014/02/22 14:35:30 | 000,025,600 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32pdh.pyd
MOD - [2014/02/22 14:35:30 | 000,024,064 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32pipe.pyd
MOD - [2014/02/22 14:35:30 | 000,022,528 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32ts.pyd
MOD - [2014/02/22 14:35:30 | 000,018,432 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32event.pyd
MOD - [2014/02/22 14:35:30 | 000,017,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32profile.pyd
MOD - [2014/02/22 14:35:30 | 000,011,264 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\win32crypt.pyd
MOD - [2014/02/22 14:35:30 | 000,010,240 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\_MEI25402\select.pyd
MOD - [2014/02/22 11:29:16 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/19 18:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 18:03:04 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 18:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 18:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 18:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 18:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 18:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/01/21 21:41:34 | 000,454,656 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Controller.exe
MOD - [2014/01/15 18:03:10 | 036,967,424 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/15 18:03:10 | 000,887,808 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/01/15 18:03:10 | 000,603,648 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/15 18:03:10 | 000,109,568 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll
MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/13 05:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Temp\GC\Profiles\{17329118-EA70-4BE7-A597-02E391A664CE}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2012/10/03 10:39:00 | 000,355,328 | ---- | M] () -- c:\Program Files (x86)\WxDownload\sprotector.dll
MOD - [2012/10/03 10:39:00 | 000,355,328 | ---- | M] () -- c:\Program Files (x86)\BrowseToSave\sprotector.dll
MOD - [2009/08/05 13:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/22 11:29:15 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 15:37:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/02/20 17:36:10 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/02/26 15:41:53 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 21:16:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010/03/12 21:00:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe -- (Creative HOAL Licensing Service)
SRV - [2010/03/12 20:59:30 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/06/26 05:52:42 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/08/23 15:05:00 | 000,045,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/22 11:29:20 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/22 11:29:20 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/22 11:29:20 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/02/22 11:29:20 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/22 11:29:20 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/02/22 11:29:20 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/02/22 11:29:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/18 09:51:53 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 17:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 17:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 17:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2011/07/13 20:17:12 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/07/13 20:17:00 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/07/13 20:16:58 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 11:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 00:10:07 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/22 00:25:17 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/22 00:25:17 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/22 00:25:17 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 00:25:17 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/22 00:25:17 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/31 04:10:58 | 000,237,936 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/28 15:37:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/08 15:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/05/05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/04/10 01:20:30 | 000,028,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV - [2014/01/30 08:13:38 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140131.002\ex64.sys -- (NAVEX15)
DRV - [2014/01/30 08:13:38 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140131.002\eng64.sys -- (NAVENG)
DRV - [2014/01/18 16:26:00 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20140131.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/11/19 03:53:12 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/19 03:53:12 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{1488B0D8-C8BA-4917-9369-A1E8D65796BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{888EFBE6-24C9-4FEA-867A-D906915A4D3D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{1488B0D8-C8BA-4917-9369-A1E8D65796BB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{888EFBE6-24C9-4FEA-867A-D906915A4D3D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {350EA9D6-5B5D-4AF0-8BFE-D42FA2D452F8}
IE - HKCU\..\SearchScopes\{350EA9D6-5B5D-4AF0-8BFE-D42FA2D452F8}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/19 02:28:28 | 000,000,000 | ---D | M]

[2009/12/06 18:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions
[2009/12/06 18:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\30.9_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\32.10_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\32.11_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.71_0\crossrider
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.71_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfpphcfebnafpojbfdlnjpojlpmohij\4_1\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi\10.26.7.519_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.26.7.519_0\
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.26.7.519_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (wxDownload Class) - {18B74079-1DEA-4E7C-D18F-46E7E84C8C35} - C:\ProgramData\wxDownload\509566c8ec297.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Spotify] C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\Heidi\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077F3A70-7717-4D92-A7AF-35F3424AC6FF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (c:\progra~2\wxdown~1\sprote~1.dll) - c:\Program Files (x86)\WxDownload\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7e3d2dce-699c-11e3-92e9-002655484a9c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e3d2dce-699c-11e3-92e9-002655484a9c}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{a273f151-8a8f-11e2-a6f5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a273f151-8a8f-11e2-a6f5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 11:31:36 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\AVAST Software
[2014/02/22 11:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/02/22 11:29:56 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/22 11:29:52 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/22 11:29:50 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/22 11:29:48 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/22 11:29:45 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/22 11:29:33 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/22 11:29:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/22 11:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/22 11:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/02/21 22:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2014/02/21 22:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/02/21 22:17:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/02/21 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/02/21 22:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/02/21 22:16:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon2.0_Log
[2014/02/21 22:16:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\VERIZON
[2014/02/21 12:28:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/19 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/19 21:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/19 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Malwarebytes
[2014/02/19 19:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/19 19:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/19 19:54:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/19 19:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/19 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Programs
[2014/02/18 21:46:24 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/02/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2014/02/09 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\GCC
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/22 16:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/22 16:23:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/22 14:35:28 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/22 14:29:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 14:29:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 14:22:26 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHeidi.job
[2014/02/22 14:22:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 12:19:03 | 1939,779,583 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/22 11:30:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/22 11:29:20 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/22 11:29:20 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/22 11:29:20 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/22 11:29:20 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/22 11:29:20 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/02/22 11:29:20 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/22 11:29:20 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/22 11:29:17 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/02/22 11:29:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/22 01:38:32 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Heidi.job
[2014/02/21 22:52:35 | 001,639,460 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.JPG
[2014/02/21 22:52:33 | 004,828,287 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
[2014/02/21 22:17:00 | 000,001,968 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
[2014/02/20 19:27:35 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/19 19:55:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/18 21:46:24 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/02/17 00:26:02 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014/02/17 00:26:02 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014/02/17 00:26:02 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014/02/14 23:03:05 | 000,038,876 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
[2014/02/14 23:03:05 | 000,014,707 | ---- | M] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.JPG
[2014/02/14 10:05:30 | 004,828,287 | ---- | M] () -- C:\Users\Heidi\Desktop\House Exterior.jpg
[2014/02/13 03:14:00 | 000,746,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/13 03:14:00 | 000,628,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/13 03:14:00 | 000,108,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/07 09:06:56 | 000,000,875 | ---- | M] () -- C:\Users\Heidi\Desktop\BitTorrent.lnk
[2014/02/07 09:06:56 | 000,000,855 | ---- | M] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2014/01/31 11:31:12 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/22 11:30:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/22 11:29:54 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/02/22 11:29:53 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/02/21 22:52:34 | 004,828,287 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
[2014/02/21 22:52:34 | 001,639,460 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.JPG
[2014/02/21 22:17:00 | 000,001,968 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
[2014/02/19 22:19:54 | 577,052,582 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E05 - The Wolf and the Lion.avi
[2014/02/19 22:19:07 | 577,023,976 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E04 - Cripples, [bleep]s and Broken Things.avi
[2014/02/19 22:18:21 | 576,992,536 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E03 - Lord Snow.avi
[2014/02/19 19:55:00 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 23:03:05 | 000,038,876 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
[2014/02/14 23:03:05 | 000,014,707 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO 2.JPG
[2014/02/14 10:05:30 | 004,828,287 | ---- | C] () -- C:\Users\Heidi\Desktop\House Exterior.jpg
[2014/02/12 22:21:15 | 577,065,206 | ---- | C] () -- C:\Users\Heidi\Desktop\S01E02 - The Kingsroad.avi
[2014/01/07 12:29:35 | 000,823,346 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpRANDOM 2009 024.JPG
[2014/01/07 12:29:34 | 003,330,516 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpRANDOM 2009 024.0
[2014/01/07 12:22:51 | 000,153,204 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmp2011 104.0
[2014/01/07 12:22:51 | 000,092,006 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmp2011 104.JPG
[2013/07/31 16:42:03 | 000,000,632 | RHS- | C] () -- C:\Users\Heidi\ntuser.pol
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/02/04 16:34:15 | 003,200,960 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 161.0
[2012/02/04 16:34:15 | 001,251,100 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 161.JPG
[2012/01/08 22:16:48 | 002,805,768 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 188.0
[2012/01/08 22:16:48 | 000,434,304 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 188.JPG
[2012/01/08 22:14:12 | 003,360,781 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 183.0
[2012/01/08 22:14:12 | 001,049,162 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 183.JPG
[2012/01/08 22:11:50 | 002,987,763 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 185.0
[2012/01/08 22:11:50 | 000,702,324 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 185.JPG
[2012/01/08 22:11:13 | 003,148,665 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 184.0
[2012/01/08 22:11:13 | 000,909,962 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 184.JPG
[2012/01/08 22:10:42 | 000,697,823 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.2
[2012/01/08 22:10:41 | 000,704,246 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.1
[2012/01/08 22:10:39 | 000,707,635 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.JPG
[2012/01/08 22:10:38 | 003,049,190 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 171.0
[2011/04/03 12:09:01 | 000,228,934 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\UserTile.png
[2011/02/18 22:21:19 | 000,788,085 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpFRED.JPG
[2011/02/03 21:55:41 | 000,040,736 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].1
[2011/02/03 21:55:40 | 000,108,888 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].0
[2011/02/03 21:55:40 | 000,040,745 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPHOTO[1].JPG
[2010/12/15 19:02:11 | 000,680,525 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 141.JPG
[2010/12/15 19:02:10 | 002,849,514 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 141.0
[2010/12/15 19:01:26 | 000,713,111 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 140.JPG
[2010/12/15 19:01:25 | 002,931,818 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpPICTURE 140.0
[2010/10/04 20:24:53 | 000,030,814 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpWORLDS-LARGEST-AND-WEIRDEST-BUNNY.JPG
[2010/03/09 19:04:55 | 000,026,449 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSC03618.JPG
[2010/03/09 19:04:55 | 000,026,346 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSC03618.0
[2010/02/19 15:50:35 | 000,578,256 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN9156.JPG
[2010/02/19 15:50:34 | 000,559,897 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN9156.0
[2010/01/11 20:34:49 | 001,176,251 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpIMG_0070.JPG
[2010/01/11 20:34:48 | 002,565,389 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpIMG_0070.0
[2009/12/29 11:45:01 | 000,940,531 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0845.JPG
[2009/12/24 13:19:27 | 000,608,048 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0800.JPG
[2009/12/24 13:19:26 | 001,862,850 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0800.0
[2009/12/24 13:07:59 | 002,522,941 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0784.JPG
[2009/12/24 13:04:13 | 002,522,941 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0784.0
[2009/12/24 12:59:58 | 002,657,112 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0765.0
[2009/12/24 12:59:58 | 000,924,404 | ---- | C] () -- C:\Users\Heidi\AppData\Local\tmpDSCN0765.JPG
[2009/12/04 20:36:39 | 000,000,060 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/02/22 11:31:36 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\AVAST Software
[2014/02/10 16:27:02 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\BitTorrent
[2011/10/20 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\GARMIN
[2013/08/03 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\LimeWire
[2011/02/06 01:44:01 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\LolClient
[2010/04/29 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\mjusbsp
[2009/12/02 00:08:59 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\PictureMover
[2012/07/22 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\SMART Technologies
[2012/07/22 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\SMART Technologies Inc
[2014/02/22 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Spotify
[2010/12/22 19:07:35 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Template
[2010/02/02 21:32:38 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

And here is the Extras information.

OTL Extras logfile created on: 2/22/2014 5:02:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.74 Gb Total Physical Memory | 4.72 Gb Available Physical Memory | 60.95% Memory free
15.48 Gb Paging File | 11.92 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 462.94 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.23 Gb Free Space | 18.07% Space Free | Partition Type: NTFS
Drive E: | 4.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D66ED1-D442-47D2-94CA-B25372901837}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{058002C1-17B2-4CE8-979B-EED5AFA8094B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0AF2C911-FF77-43A9-B8C9-71CF4011F30A}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B6B2CB6-D096-4A97-9F00-63B777FE6CF4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1E05456C-9549-494E-88C5-7D1BF04C708B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E77EA9A-98D8-4A78-AA96-C198B0682216}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1EF450A4-D499-4283-9871-DA5E66E6CF2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2467921D-5E8E-4DE0-886A-E6471AED1D49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2795CCC7-C758-4D46-AA40-EA6043DEADD6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28FF1AA3-755D-4988-9BCD-1E2D858E526B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B24B242-E856-41EB-ABEC-9D8EA549EB43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{312894AB-BB97-4946-A666-4E99138A05F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{34C2F831-5302-408D-8A59-F0B45147A0A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{35F02448-252C-4FC0-BE91-AF14D5D62472}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54E00B6E-558E-44E6-BBF2-DD7904F876CF}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{57023516-06E2-441B-8767-29C76F0F80B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67B7CD94-83AB-4FB3-80F8-26BC47C9DF99}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{6A7E598E-A17F-4F1A-9D99-DB817A7C126A}" = rport=137 | protocol=17 | dir=out | app=system |
"{722AB39B-276D-45BD-9E27-5CFCFCB75BEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77524C20-AF48-4BE2-ACBF-A27F5971713B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77E1795A-C567-42D9-A81F-6CBF6E77BEE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{781FE154-890C-4223-8A7B-E84D4614827B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DB7A3E5-508E-4B30-96A2-2D9AAB620F80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DB945A9-804D-48CE-B13D-D8EFC9850787}" = lport=137 | protocol=17 | dir=in | app=system |
"{803FD5DD-AF5F-4A00-BA13-1EF1B3EEE2F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88DBC8EA-2952-4325-85FE-30604F0731E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A3637D1-75F4-4D3B-9E74-64E71FE762DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{8AC8A324-2369-40DE-92F3-B836E210BB00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB9550B1-4B9B-41A4-B916-FE9F557CBA55}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BA92A334-F9BB-49F4-990C-0201A6AA4352}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAB68302-FA4B-4487-86F9-1B4595EF75ED}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{BC1413FA-C3A8-45E3-B545-806C34576BE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DAD14DB6-3CBC-496C-95BE-2D3B836B047B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E174D311-8586-4224-B5CB-F5C227FE8015}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{E4CF84A8-2477-4C2B-9E75-1E22281C1E33}" = lport=445 | protocol=6 | dir=in | app=system |
"{E929045F-00CF-4E55-9B7D-7D66476FFC76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D3F875-D31A-4CB6-BB2F-74F5289C4440}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{08D34353-1041-4C68-B318-CB547A87BD2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0AC49250-B548-496F-877A-4F62A90DED06}" = protocol=1 | dir=in | [email protected],-28543 |
"{0B364113-3082-4E59-B7F9-C76ED798BEBD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{102811AF-B1F9-4E02-9993-E5495DED9C2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1353C601-BA9C-4FB8-8A62-587CC5A978DD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{190D53EC-5720-4AD0-8BEE-D010275A61A1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{1EF2913E-AA18-460E-A5C1-D19DEB86421C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{20CFE74A-873C-4A8A-B2BB-D8CB4C311731}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{258627A7-E9AF-484B-BF16-C4E43C50DF08}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{32D9EAB6-8F19-467B-A9DB-DF596DB28A47}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32F3FBD3-7BE4-49D6-9BFF-0A393870AF15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3679FA3D-9737-4759-84E8-1FFA9EB55AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{3882361E-E0CD-453C-B9A8-3972DFB86CDC}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{38EBF4C5-96D6-49E5-903D-288C97CD2EDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39402D85-A385-4737-B2F1-BA515DB3DF22}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{3FCA617D-BB0C-461E-A030-639F347FDE60}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{41BCD985-9A01-4014-A1A5-147DA81EDF37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{468770B8-028A-450D-BFE4-4F16E5AC9459}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{47EC22F6-16A5-4A4F-B457-1C805B0DC990}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{4AC0BD55-73E7-4CF6-8972-F91AF42F6B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FA4B8D0-6766-4537-9B98-6A6A527F492B}" = protocol=1 | dir=out | [email protected],-28544 |
"{502ED036-2B70-4932-BB78-8FDBEA11B938}" = protocol=58 | dir=out | [email protected],-28546 |
"{555A076B-7D2E-4B54-9247-0308F3132F30}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{556E7F85-556E-4C5F-B703-6EC7FFB1DD22}" = protocol=17 | dir=in | app=c:\users\heidi\appdata\roaming\bittorrent\bittorrent.exe |
"{5ACBF2F7-F462-44F9-B28F-FB04E1344B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{62635157-BA44-4A33-9F9A-362CB77B7B7F}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{64644C9E-457D-4553-8D85-6FF3C475ACC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68A0D332-0E6B-4C47-A85F-5582FDACF778}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6ADD38B1-E885-42C1-9433-849B45A151F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B8258EE-7ED9-46FA-9CDB-1EC8BE7F976B}" = dir=in | app=c:\users\heidi\appdata\local\gcc\controller.exe |
"{6C51E1D8-F2D9-4300-8627-78603492E667}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72A2627A-1BF0-418E-92F2-1BD50214703F}" = protocol=6 | dir=out | app=system |
"{7593631C-F902-43C1-A3D5-CEC707B347CF}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{78B0CFB0-74E5-44C9-9E0B-9FDA7A7F6A81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85BA8618-413A-4B4F-B723-60010E8FBADD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{88B4AF3B-010B-4894-8616-5CBCD2146960}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{973310F4-3857-40E6-AD94-EFA003B1F221}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{97950527-57D7-4608-8D68-945BDDA17AC0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9E5E58D1-7838-4A9F-9098-B86BAD7BF9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A41CE5BF-C6F8-4898-9629-ABEB347AE939}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A4DD6F4C-F881-4C79-A1FA-DB87CFE92F14}" = protocol=6 | dir=in | app=c:\users\heidi\appdata\roaming\bittorrent\bittorrent.exe |
"{A9B67BCB-15B8-46D6-803C-F10563D36345}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AAE4F831-7996-4D79-B0A9-DCA7A429D7BF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{ADC13F4B-5F56-4D1C-A767-E6DCB36655F5}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{AF277E94-ABFD-4BFE-99DB-7E543A5C1509}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B07AF51F-39F6-4C11-9BA1-05448F4F2032}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B193FF59-EB06-4153-99F9-112001E8E2DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B41418FD-C386-4D3B-B96E-C1FC84CC4F71}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4199D72-99C3-49CF-BB9E-37BD205A4CF6}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{B7B65336-552E-4C81-951E-0ACF18941E89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBB92DD1-5337-4BE5-BA46-91085ACB371C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{BCCE433C-D7A4-4F34-8BAA-C0BBA9B93840}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{BE02F9D0-55AD-4002-AAAD-87B78BCCC939}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C39DA7FD-A397-4F04-8D0C-5B4B1AF39FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{C3C2DBD8-B84D-4AAD-B20E-769571986B87}" = protocol=58 | dir=in | [email protected],-28545 |
"{C49513DD-F58F-4500-8865-6D26E269AA53}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CD84C9CC-8FF8-45BF-8BD4-7338399CEDEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D390DFAC-5AD7-4857-B629-980BDAF3B016}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39E2F15-1079-4176-BABC-8B533D02FBE0}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D5754BF7-A9BD-4EF4-A636-85D8F1B6759E}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{D5F42FF1-3BC1-4C1A-AAC1-5DF73F4B4D78}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DCAD5D66-0E5A-4A45-B167-22B65EB9D644}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{EC0F9110-C272-4501-A4F1-274746EF63A5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{F42AEC5C-767E-431F-85DC-3287C705FCDE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F6C487B9-D9E3-4F1F-B5BA-EAFE992F2604}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{FCCCB74D-B41C-4D33-8EB6-094BD62C054C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{FC8F064B-68BC-4E42-8339-0299476F4AFF}C:\users\heidi\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\heidi\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5D559D1D-1EA9-4B12-86B4-AD784E1FC331}C:\users\heidi\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\heidi\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3074A81C-BA02-4D42-AFA9-F220EB978AEA}" = WxDownload Expansion
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7371196E-FA5B-43AE-1AE2-875E98869B47}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88882852-5C7D-A48B-15F3-8D13CABDA7A3}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5B3F429-273D-530D-B1E6-6F1F6E50D6DF}" = BrowseToSave
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0284181F-355D-C4E1-B483-41992C48490E}" = CCC Help German
"{041E914E-7B73-4E8B-967F-B7FFC527FF80}" = Verizon Wireless Software Utility Application for Android - Samsung
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{07FF3AA8-0BC6-8861-F27F-2ED442F5C03E}" = CCC Help English
"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" =
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{14A4957E-46DB-4821-528D-8381B4376FE2}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2E4BEAC4-FB73-9657-A5B2-42F508AF98FE}" = CCC Help Finnish
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{36B90A24-CE03-79C6-3DEE-1EFEE456377F}" = Catalyst Control Center Graphics Full Existing
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends
"{3B18BAAA-1734-8CA1-1A04-B68A06A1F9C9}" = Catalyst Control Center Graphics Full New
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4377068C-A88F-53F7-EDAF-DBD7990AEB93}" = CCC Help Swedish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4907BDCE-4DF2-350C-24B2-9C509F004F1D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{4F524A2D-5637-006A-76A7-A758B70C0A03}" = Ask Toolbar
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5B0D4B33-FB4C-CB95-38D3-66F4B942661E}" = CCC Help Japanese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{628690B9-A523-B37A-E001-D8E4581D573D}" = Catalyst Control Center Localization All
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC35F19-C3DF-6455-C9E2-1E77BA42D3BC}" = Catalyst Control Center Graphics Previews Vista
"{6D1A44ED-3D15-9BB3-43AE-91A077AE9212}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83907548-56BB-D892-1CAC-2F5EC0939B37}" = CCC Help Czech
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9062CED6-AECC-E6C6-E6A0-A654CE167554}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97E32194-C626-92E1-9AB9-64AA00CC7380}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB743020-0F2D-4E9B-922B-12014902B20F}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{BE9CE924-DD9E-3A0D-EA16-9931D21FB3F5}" = CCC Help Turkish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C285CFAB-889A-47C9-2959-A9B71B5E0BFB}" = CCC Help Hungarian
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C88256B0-1182-C1B2-FE22-C1BAC6BB0E83}" = CCC Help Norwegian
"{CA1A637B-5BFD-A325-BC4B-15D3D10B861C}" = Catalyst Control Center Core Implementation
"{CACBE764-2E09-5D88-E496-78F7B1E9FFAE}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CEF9A199-8652-B2A0-8C82-5491CB57AC3A}" = CCC Help French
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D781BE32-516F-957C-C080-8365111CAC18}" = CCC Help Danish
"{DC2841DC-5ADC-8FDD-C3FD-5FD223426F38}" = CCC Help Polish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3997715-B309-4098-98B6-AADD759A5A61}" = Garmin TOPO U.S. 100K v4
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB04773A-005D-3A2E-43C2-CEDE2645F1C3}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F1F24DF6-37BB-9905-9EB4-5C1E4D32B664}" = Catalyst Control Center Graphics Light
"{F20A4D6F-88ED-32BA-0C6D-BD6A692EFF29}" = CCC Help Italian
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F5AC7E52-BDF6-9948-73CD-BCE3C23632F3}" = CCC Help Dutch
"{F6FA1416-ABCF-3559-1ACA-CEAADD6AF3E8}" = CCC Help Thai
"{F86145F7-BF40-33F0-F07B-D10BE04F98AA}" = CCC Help Spanish
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LimeWire" = LimeWire 5.5.16
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoFiltre" = PhotoFiltre
"SP_0beb79c1" =
"SP_f2a323db" =
"SysInfo" = Creative System Information
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"wxDownload Fast_is1" = wxDownload Fast 0.6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 12/8/2012 1:11:46 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 12/8/2012 1:11:47 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001

Error - 12/8/2012 1:11:48 PM | Computer Name = Heidi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001

Error - 12/10/2012 2:05:43 AM | Computer Name = Heidi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/12/2012 3:31:30 AM | Computer Name = Heidi-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 2/26/2010 6:01:32 PM | Computer Name = Heidi-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ Media Center Events ]
Error - 8/5/2013 10:35:35 PM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:35:35 PM - Error connecting to the internet. 8:35:35 PM - Unable
to contact server..

Error - 8/5/2013 10:36:06 PM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:36:04 PM - Error connecting to the internet. 8:36:04 PM - Unable
to contact server..

Error - 8/9/2013 5:11:06 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 3:11:04 AM - Error connecting to the internet. 3:11:04 AM - Unable
to contact server..

Error - 8/9/2013 6:11:38 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 4:11:37 AM - Error connecting to the internet. 4:11:37 AM - Unable
to contact server..

Error - 8/9/2013 7:12:10 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 5:12:08 AM - Error connecting to the internet. 5:12:08 AM - Unable
to contact server..

Error - 8/9/2013 8:12:42 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 6:12:40 AM - Error connecting to the internet. 6:12:40 AM - Unable
to contact server..

Error - 8/9/2013 10:12:14 AM | Computer Name = Heidi-PC | Source = MCUpdate | ID = 0
Description = 8:12:12 AM - Error connecting to the internet. 8:12:12 AM - Unable
to contact server..

[ System Events ]
Error - 2/19/2014 9:22:53 PM | Computer Name = Heidi-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:10:54 PM on ?2/?19/?2014 was unexpected.

Error - 2/19/2014 9:27:58 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 2/19/2014 9:36:19 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =

Error - 2/20/2014 12:11:21 AM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =

Error - 2/21/2014 6:00:49 AM | Computer Name = Heidi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f020b: Canon - Imaging, Other hardware - Canon MG3200 series.

Error - 2/21/2014 10:30:09 PM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 2/22/2014 12:00:02 AM | Computer Name = Heidi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 2/22/2014 1:38:35 AM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =

Error - 2/22/2014 2:15:49 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =

Error - 2/22/2014 5:36:44 PM | Computer Name = Heidi-PC | Source = DCOM | ID = 10016
Description =


< End of report >


Thanks again
  • 0

Advertisements

#2
Bhinsz84
Posted 22 February 2014 - 07:49 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
here is a link to the avast page that shows what was blocked.

AVAST Link
  • 0

#3
Essexboy
Posted 23 February 2014 - 05:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there this looks to be a basic adware problem.. A few things to do first though.

You have both Norton and Avast installed and you only need one antivirus. Let me know which one you want to keep and I will help remove the other

Avast can be set to stop PUP's installing (adware to you and me :) )

Posted Image

OK to work

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{888EFBE6-24C9-4FEA-867A-D906915A4D3D}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
O2:64bit: - BHO: (Torntv V6.0) - {11111111-1111-1111-1111-110411591160} - C:\Program Files (x86)\Torntv V6.0\Torntv V6.0-bho64.dll File not found
O2 - BHO: (wxDownload Class) - {18B74079-1DEA-4E7C-D18F-46E7E84C8C35} - C:\ProgramData\wxDownload\509566c8ec297.ocx ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O20 - AppInit_DLLs: (c:\progra~2\wxdown~1\sprote~1.dll) - c:\Program Files (x86)\WxDownload\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
[2014/02/13 09:36:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect

:Files
c:\Program Files (x86)\WxDownload
c:\Program Files (x86)\BrowseToSave
C:\Users\Heidi\AppData\Local\Google

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#4
Bhinsz84
Posted 23 February 2014 - 01:51 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Howdey boss - thanks for the reply.

I uninstalled Norton, switched AVAST as shown, and ran the OTL fix - The first time it ran, I got a windows critical error and the computer restarted on its own - OTL did not produce a log. Second time OTL ran for 5 hrs which I have never had happen before, so I restarted the computer on my own. Here is the log file:


Files\Folders moved on Reboot...
File\Folder C:\Users\Heidi\AppData\Local\Temp\OICE_1D986904-F3E2-4B94-B1FC-98B550883078.0\CB8194BA. not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thats it.

I will post the other Adw cleaner file on next reply.

Thanks much!
  • 0

#5
Bhinsz84
Posted 23 February 2014 - 01:58 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Upon trying to DL ADWcleaner I was directed to another site from clicking on the download now @bleeping computer (blue tab) - this site was not a download site for ADW - it was for some other browser protector that I did not install once I realized it was not ADW. Just a heads up that there is no direct way to download this from your link - I ended up going to the producers website and downloading from there.

Thanks
  • 0

#6
Bhinsz84
Posted 23 February 2014 - 02:04 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
ADWcleaner log

# AdwCleaner v3.019 - Report created 23/02/2014 at 13:00:00
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Heidi - HEIDI-PC
# Running from : C:\Users\Heidi\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\wxDownload
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Heidi\AppData\Local\Conduit
Folder Deleted : C:\Users\Heidi\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Heidi\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Heidi\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Browse2Save
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Download and Sa
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\wxDownload
Folder Deleted : C:\Users\Rebecca\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Rebecca\AppData\LocalLow\Download and Sa
Folder Deleted : C:\Users\Rebecca\AppData\LocalLow\wxDownload
Folder Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
[!] Folder Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Folder Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
[!] Folder Deleted : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Heidi\AppData\Local\Temp\Searchqu.ini

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_0beb79c1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422592260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466596660}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18B74079-1DEA-4E7C-D18F-46E7E84C8C35}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18B74079-1DEA-4E7C-D18F-46E7E84C8C35}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422592260}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466596660}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\firstsearch
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{088DF54D-6FFC-8C91-02D5-A461DCC2E652}
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9014 octets] - [23/02/2014 12:58:44]
AdwCleaner[S0].txt - [8330 octets] - [23/02/2014 13:00:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8390 octets] ##########
  • 0

#7
Essexboy
Posted 23 February 2014 - 03:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just checked the link it did go to Bleeping.com but you may have pressed the wrong download. I have highlighted the two to use



How is the computer behaving now ?
  • 0

#8
Bhinsz84
Posted 23 February 2014 - 06:04 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
I used the top one of the two -which sent me to a different program than adwcleaner.

Computer is the same - still getting avast popup and computer locks up. Have not been able to determine any times between lockups but it seems fairly regular. Its like all the processor or ram gets used up, then releases.

No change in the computer.

Thanks!
  • 0

#9
Bhinsz84
Posted 23 February 2014 - 06:06 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
is it normal to not get any info out of the OTL log ? Last time I used it there was a log file every time.

Thanks
  • 0

#10
Essexboy
Posted 24 February 2014 - 07:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you screenshot an Avast alert and post that, as it contains more information
  • 0

Advertisements

#11
Bhinsz84
Posted 24 February 2014 - 10:30 PM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
The info is better on the site actually - here is the screenshot. Sorry for the delay, I am not always around this computer.

Thanksavast.jpg
  • 0

#12
Essexboy
Posted 25 February 2014 - 07:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Actually that is good as it targets chrome as the culprit...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#13
Bhinsz84
Posted 25 February 2014 - 10:30 AM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
That would make sense, since when I got on this morning there were about 25 instances of Chrome.exe *32 running in task manager, even though chrome was not running anywhere else.

First log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by Heidi (administrator) on HEIDI-PC on 25-02-2014 09:28:09
Running from C:\Users\Heidi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Heidi\AppData\Local\GCC\Controller.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Spotify Ltd) C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
() C:\Users\Heidi\AppData\Local\GCC\Controller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-22] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\bfc3141d-4fac-43ea-8186-e240c75214a8.exe /check [181136 2014-02-25] (AVAST Software)
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\Run: [Spotify] - C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\Run: [Spotify Web Helper] - C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\MountPoints2: {7e3d2dce-699c-11e3-92e9-002655484a9c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1844369781-404273007-74948595-1000\...\MountPoints2: {a273f151-8a8f-11e2-a6f5-806e6f6e6963} - F:\TL-Bootstrap.exe
GroupPolicyUsers\S-1-5-21-1844369781-404273007-74948595-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
URLSearchHook: HKCU - (No Name) - {f9bbf004-6e40-4019-8214-c43a37e1d058} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {888EFBE6-24C9-4FEA-867A-D906915A4D3D} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {1488B0D8-C8BA-4917-9369-A1E8D65796BB} URL =
SearchScopes: HKCU - {350EA9D6-5B5D-4AF0-8BFE-D42FA2D452F8} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {888EFBE6-24C9-4FEA-867A-D906915A4D3D} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: hpBHO Class - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (avast! Online Security) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-23]
CHR Extension: (Google Wallet) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-23]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Heidi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [gmfpphcfebnafpojbfdlnjpojlpmohij] - C:\ProgramData\wxDownload\gmfpphcfebnafpojbfdlnjpojlpmohij.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [lppogocmjfldfdklljcfcoklpcjjnfjh] - C:\ProgramData\Download and Sa\lppogocmjfldfdklljcfcoklpcjjnfjh.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [pnafggalgamcjhfmndkccafghoolnbaf] - C:\ProgramData\Browse2save\pnafggalgamcjhfmndkccafghoolnbaf.crx [2014-02-22]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-22] (AVAST Software)
S4 Creative HOAL Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [79360 2010-03-12] (Creative Labs)
S4 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-06-26] ()
S4 MagicTuneEngine; C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe [45056 2007-08-23] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-22] ()
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [28160 2008-04-10] (Creative Technology Ltd.)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 09:28 - 2014-02-25 09:28 - 00011418 _____ () C:\Users\Heidi\Downloads\FRST.txt
2014-02-25 09:27 - 2014-02-25 09:28 - 00000000 ____D () C:\FRST
2014-02-25 09:27 - 2014-02-25 09:27 - 02156032 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe
2014-02-25 02:22 - 2014-02-25 02:23 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (9).exe
2014-02-25 02:22 - 2014-02-25 02:22 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (8).exe
2014-02-24 23:52 - 2014-02-24 23:52 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (3).docm
2014-02-24 23:48 - 2014-02-24 23:50 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (2).docm
2014-02-24 23:48 - 2014-02-24 23:50 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (1).docm
2014-02-24 23:48 - 2014-02-24 23:49 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1.docm
2014-02-24 23:29 - 2014-02-24 23:30 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (7).exe
2014-02-24 23:29 - 2014-02-24 23:29 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (6).exe
2014-02-24 22:49 - 2014-02-24 22:49 - 00108064 _____ () C:\Users\Heidi\Downloads\setup (1).exe
2014-02-23 22:18 - 2014-02-23 22:19 - 12175083 _____ () C:\Users\Heidi\Downloads\press_pack (1).zip
2014-02-23 22:18 - 2014-02-23 22:18 - 12175083 _____ () C:\Users\Heidi\Downloads\press_pack.zip
2014-02-23 12:58 - 2014-02-23 13:00 - 00000000 ____D () C:\AdwCleaner
2014-02-23 12:55 - 2014-02-23 12:56 - 01241834 _____ () C:\Users\Heidi\Downloads\adwcleaner.exe
2014-02-23 12:52 - 2014-02-23 12:52 - 00558888 _____ (Fusion Install ) C:\Users\Heidi\Downloads\Setup.exe
2014-02-23 12:26 - 2014-02-23 22:29 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Google
2014-02-23 11:38 - 2014-02-23 11:38 - 00000000 ____D () C:\_OTL
2014-02-22 17:01 - 2014-02-22 17:01 - 00602112 _____ (OldTimer Tools) C:\Users\Heidi\Desktop\OTL.exe
2014-02-22 11:31 - 2014-02-22 11:31 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\AVAST Software
2014-02-22 11:30 - 2014-02-22 11:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-22 11:30 - 2014-02-22 11:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-22 11:29 - 2014-02-22 11:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 11:29 - 2014-02-22 11:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-22 11:28 - 2014-02-22 11:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-22 11:13 - 2014-02-22 11:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-22 11:11 - 2014-02-22 11:13 - 90578216 _____ (AVAST Software) C:\Users\Heidi\Downloads\avast_free_antivirus_setup.exe
2014-02-22 02:41 - 2014-02-22 02:41 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (5).exe
2014-02-22 02:37 - 2014-02-22 02:37 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (4).exe
2014-02-21 22:52 - 2014-02-21 22:52 - 04828287 _____ () C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
2014-02-21 22:20 - 2014-02-21 22:20 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-21 22:17 - 2014-02-21 22:17 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-02-21 22:16 - 2014-02-21 22:40 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\VERIZON
2014-02-21 22:16 - 2014-02-21 22:20 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-21 22:16 - 2014-02-21 22:16 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-21 22:16 - 2014-02-21 22:16 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-02-21 02:35 - 2014-02-21 02:35 - 04854016 _____ (Activeris ) C:\Users\Heidi\Downloads\AntiMalware-Installer.exe
2014-02-20 20:15 - 2014-02-20 20:15 - 00025088 _____ () C:\Users\Heidi\Downloads\IPS Mindy Nassar invoice
2014-02-19 22:19 - 2012-05-06 17:56 - 577052582 _____ () C:\Users\Heidi\Desktop\S01E05 - The Wolf and the Lion.avi
2014-02-19 22:19 - 2012-05-06 17:55 - 577023976 _____ () C:\Users\Heidi\Desktop\S01E04 - Cripples, [bleep]s and Broken Things.avi
2014-02-19 22:18 - 2012-05-06 17:56 - 576992536 _____ () C:\Users\Heidi\Desktop\S01E03 - Lord Snow.avi
2014-02-19 21:24 - 2014-02-19 21:24 - 00921000 _____ (Oracle Corporation) C:\Users\Heidi\Downloads\chromeinstall-7u51.exe
2014-02-19 21:23 - 2014-02-19 21:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-19 21:22 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-19 21:22 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-19 21:22 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-19 21:22 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-19 21:21 - 2014-02-19 21:22 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 19:55 - 2014-02-19 19:55 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-19 19:55 - 2014-02-19 19:55 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Malwarebytes
2014-02-19 19:55 - 2014-02-19 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 19:54 - 2014-02-19 19:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 19:54 - 2014-02-19 19:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Heidi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 19:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-18 21:46 - 2014-02-18 21:46 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-02-16 23:11 - 2014-02-16 23:11 - 04045578 _____ () C:\Users\Heidi\Downloads\tracy.mp4.zip
2014-02-14 23:03 - 2014-02-14 23:03 - 00038876 _____ () C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
2014-02-14 23:02 - 2014-02-14 23:02 - 00000006 _____ () C:\Users\Heidi\Downloads\ATT00002..txt
2014-02-14 23:02 - 2014-02-14 23:02 - 00000006 _____ () C:\Users\Heidi\Downloads\ATT00001..txt
2014-02-14 18:00 - 2014-02-14 18:01 - 00443336 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (3).exe
2014-02-14 14:50 - 2014-02-14 14:50 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (2).exe
2014-02-14 13:59 - 2014-02-14 14:00 - 08890858 _____ () C:\Users\Heidi\Downloads\SurrealTerritory.themepack
2014-02-13 17:31 - 2014-02-13 17:31 - 00443336 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (1).exe
2014-02-13 03:02 - 2013-12-21 02:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:02 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:01 - 2014-02-06 05:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:01 - 2014-02-06 04:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:01 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 03:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:01 - 2014-02-06 03:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:01 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 03:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:01 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:01 - 2014-02-06 03:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:01 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:01 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:01 - 2014-02-06 03:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:01 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:01 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:01 - 2014-02-06 02:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:01 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:01 - 2014-02-06 02:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:01 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:01 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:01 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:01 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:01 - 2014-02-06 02:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-06 02:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:01 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:01 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:01 - 2014-02-06 01:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:01 - 2014-02-06 01:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:01 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:01 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:21 - 2012-05-06 17:57 - 577065206 _____ () C:\Users\Heidi\Desktop\S01E02 - The Kingsroad.avi
2014-02-12 04:42 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 04:42 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 04:42 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 04:42 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 04:42 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 04:42 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 04:41 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 04:41 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 04:41 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 04:41 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 04:41 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 04:41 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 04:41 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 04:41 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 04:41 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 04:41 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 04:41 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 04:41 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 04:41 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 04:41 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 04:41 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 04:41 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 04:41 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 04:41 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 04:40 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 04:40 - 2013-12-24 15:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 04:40 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 04:40 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 13:10 - 2014-02-11 13:10 - 00489984 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM.exe
2014-02-09 23:01 - 2014-02-09 23:01 - 00004542 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-09 23:00 - 2014-02-09 23:00 - 00004526 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-09 22:59 - 2014-02-19 20:42 - 00000000 ____D () C:\Users\Heidi\AppData\Local\GCC
2014-02-07 09:08 - 2014-02-07 09:12 - 00000000 ____D () C:\Users\Heidi\Downloads\BitTorrent-PlainWhiteTs-Free
2014-02-07 09:05 - 2014-02-07 09:05 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (3).exe
2014-02-07 09:05 - 2014-02-07 09:05 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (2).exe
2014-02-07 09:04 - 2014-02-07 09:04 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (1).exe
2014-02-05 19:20 - 2014-02-05 19:21 - 00045984 _____ () C:\Users\Heidi\Downloads\TS101877521.xltx
2014-02-03 18:32 - 2014-02-03 18:32 - 00015852 _____ () C:\Users\Heidi\Desktop\IPS rough budget.xlsx

==================== One Month Modified Files and Folders =======

2014-02-25 09:28 - 2014-02-25 09:28 - 00011418 _____ () C:\Users\Heidi\Downloads\FRST.txt
2014-02-25 09:28 - 2014-02-25 09:27 - 00000000 ____D () C:\FRST
2014-02-25 09:27 - 2014-02-25 09:27 - 02156032 _____ (Farbar) C:\Users\Heidi\Downloads\FRST64.exe
2014-02-25 09:26 - 2009-11-11 13:32 - 01889755 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 09:25 - 2008-09-19 03:55 - 00014466 _____ () C:\Windows\SysWOW64\NapaSet.txt
2014-02-25 09:24 - 2013-09-14 12:21 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Spotify
2014-02-25 09:23 - 2013-03-03 15:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 09:23 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 09:22 - 2009-07-13 21:51 - 00092698 _____ () C:\Windows\setupact.log
2014-02-25 09:20 - 2013-02-23 12:45 - 00000000 ____D () C:\Windows\pss
2014-02-25 09:20 - 2009-12-02 00:08 - 00000000 ___RD () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-25 08:41 - 2012-11-23 14:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 08:23 - 2013-03-03 15:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 02:23 - 2014-02-25 02:22 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (9).exe
2014-02-25 02:22 - 2014-02-25 02:22 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (8).exe
2014-02-25 02:00 - 2009-12-29 17:14 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Adobe
2014-02-25 00:49 - 2013-11-01 13:17 - 00003188 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForHeidi
2014-02-25 00:49 - 2013-11-01 13:17 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForHeidi.job
2014-02-24 23:52 - 2014-02-24 23:52 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (3).docm
2014-02-24 23:50 - 2014-02-24 23:48 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (2).docm
2014-02-24 23:50 - 2014-02-24 23:48 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1 (1).docm
2014-02-24 23:49 - 2014-02-24 23:48 - 00023601 _____ () C:\Users\Heidi\Downloads\Camilla Kramer_Resume1.docm
2014-02-24 23:30 - 2014-02-24 23:29 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (7).exe
2014-02-24 23:29 - 2014-02-24 23:29 - 00444920 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (6).exe
2014-02-24 22:49 - 2014-02-24 22:49 - 00108064 _____ () C:\Users\Heidi\Downloads\setup (1).exe
2014-02-24 21:41 - 2012-05-06 19:48 - 00000000 ____D () C:\Users\Heidi\Desktop\Cammy Stuff
2014-02-24 18:50 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 18:50 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 06:35 - 2013-09-14 12:22 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Spotify
2014-02-23 22:29 - 2014-02-23 12:26 - 00000000 ____D () C:\Users\Heidi\AppData\Local\Google
2014-02-23 22:19 - 2014-02-23 22:18 - 12175083 _____ () C:\Users\Heidi\Downloads\press_pack (1).zip
2014-02-23 22:18 - 2014-02-23 22:18 - 12175083 _____ () C:\Users\Heidi\Downloads\press_pack.zip
2014-02-23 13:00 - 2014-02-23 12:58 - 00000000 ____D () C:\AdwCleaner
2014-02-23 12:56 - 2014-02-23 12:55 - 01241834 _____ () C:\Users\Heidi\Downloads\adwcleaner.exe
2014-02-23 12:52 - 2014-02-23 12:52 - 00558888 _____ (Fusion Install ) C:\Users\Heidi\Downloads\Setup.exe
2014-02-23 11:41 - 2009-12-03 03:18 - 00726252 _____ () C:\Windows\PFRO.log
2014-02-23 11:38 - 2014-02-23 11:38 - 00000000 ____D () C:\_OTL
2014-02-23 11:34 - 2009-09-03 09:59 - 00000000 ____D () C:\ProgramData\Norton
2014-02-23 11:28 - 2010-08-01 23:13 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\vlc
2014-02-22 17:01 - 2014-02-22 17:01 - 00602112 _____ (OldTimer Tools) C:\Users\Heidi\Desktop\OTL.exe
2014-02-22 14:35 - 2013-11-15 22:15 - 00000000 ___RD () C:\Users\Heidi\Google Drive
2014-02-22 11:31 - 2014-02-22 11:31 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\AVAST Software
2014-02-22 11:31 - 2014-02-22 11:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-22 11:30 - 2014-02-22 11:30 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-22 11:29 - 2014-02-22 11:29 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-22 11:29 - 2014-02-22 11:29 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-22 11:29 - 2014-02-22 11:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-22 11:28 - 2014-02-22 11:28 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-22 11:13 - 2014-02-22 11:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-22 11:13 - 2014-02-22 11:11 - 90578216 _____ (AVAST Software) C:\Users\Heidi\Downloads\avast_free_antivirus_setup.exe
2014-02-22 02:41 - 2014-02-22 02:41 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (5).exe
2014-02-22 02:37 - 2014-02-22 02:37 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (4).exe
2014-02-21 22:52 - 2014-02-21 22:52 - 04828287 _____ () C:\Users\Heidi\AppData\Local\tmpHOUSE EXTERIOR.0
2014-02-21 22:52 - 2010-10-04 20:25 - 00000000 ___HD () C:\Users\Heidi\Desktop\backup
2014-02-21 22:40 - 2014-02-21 22:16 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\VERIZON
2014-02-21 22:20 - 2014-02-21 22:20 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-21 22:20 - 2014-02-21 22:16 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-21 22:20 - 2009-09-03 09:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-21 22:17 - 2014-02-21 22:17 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-02-21 22:16 - 2014-02-21 22:16 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
2014-02-21 22:16 - 2014-02-21 22:16 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-02-21 02:35 - 2014-02-21 02:35 - 04854016 _____ (Activeris ) C:\Users\Heidi\Downloads\AntiMalware-Installer.exe
2014-02-20 20:31 - 2009-12-03 20:51 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-20 20:30 - 2009-12-03 20:50 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\HpUpdate
2014-02-20 20:15 - 2014-02-20 20:15 - 00025088 _____ () C:\Users\Heidi\Downloads\IPS Mindy Nassar invoice
2014-02-20 19:27 - 2013-03-03 15:20 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-19 21:24 - 2014-02-19 21:24 - 00921000 _____ (Oracle Corporation) C:\Users\Heidi\Downloads\chromeinstall-7u51.exe
2014-02-19 21:23 - 2014-02-19 21:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-19 21:22 - 2014-02-19 21:21 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 21:22 - 2009-12-02 22:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-19 20:42 - 2014-02-09 22:59 - 00000000 ____D () C:\Users\Heidi\AppData\Local\GCC
2014-02-19 19:55 - 2014-02-19 19:55 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-19 19:55 - 2014-02-19 19:55 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\Malwarebytes
2014-02-19 19:55 - 2014-02-19 19:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 19:55 - 2014-02-19 19:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 19:54 - 2014-02-19 19:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Heidi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-18 21:46 - 2014-02-18 21:46 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-02-17 00:26 - 2013-11-15 21:57 - 00002004 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-02-17 00:26 - 2013-11-15 21:57 - 00002002 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-02-17 00:26 - 2013-11-15 21:57 - 00001992 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-02-16 23:11 - 2014-02-16 23:11 - 04045578 _____ () C:\Users\Heidi\Downloads\tracy.mp4.zip
2014-02-16 03:03 - 2013-07-22 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2009-12-06 10:28 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 23:03 - 2014-02-14 23:03 - 00038876 _____ () C:\Users\Heidi\AppData\Local\tmpPHOTO 2.0
2014-02-14 23:03 - 2013-03-10 11:09 - 00000000 ___HD () C:\Users\Heidi\Downloads\backup
2014-02-14 23:02 - 2014-02-14 23:02 - 00000006 _____ () C:\Users\Heidi\Downloads\ATT00002..txt
2014-02-14 23:02 - 2014-02-14 23:02 - 00000006 _____ () C:\Users\Heidi\Downloads\ATT00001..txt
2014-02-14 18:01 - 2014-02-14 18:00 - 00443336 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (3).exe
2014-02-14 14:50 - 2014-02-14 14:50 - 00443344 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (2).exe
2014-02-14 14:00 - 2014-02-14 13:59 - 08890858 _____ () C:\Users\Heidi\Downloads\SurrealTerritory.themepack
2014-02-14 12:18 - 2013-03-03 15:19 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 12:18 - 2013-03-03 15:19 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 17:31 - 2014-02-13 17:31 - 00443336 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM (1).exe
2014-02-13 14:04 - 2013-11-05 07:42 - 00015259 _____ () C:\Users\Heidi\Desktop\house loan.xlsx
2014-02-13 04:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:14 - 2009-12-06 16:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 03:14 - 2009-07-13 22:13 - 00746516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 03:03 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-11 13:10 - 2014-02-11 13:10 - 00489984 _____ (Installer Technology Co) C:\Users\Heidi\Downloads\Setup_ODM.exe
2014-02-10 16:27 - 2013-04-08 18:16 - 00000000 ____D () C:\Users\Heidi\AppData\Roaming\BitTorrent
2014-02-09 23:01 - 2014-02-09 23:01 - 00004542 _____ () C:\Windows\System32\Tasks\GC_Informer
2014-02-09 23:00 - 2014-02-09 23:00 - 00004526 _____ () C:\Windows\System32\Tasks\GC_Scheduler
2014-02-07 09:12 - 2014-02-07 09:08 - 00000000 ____D () C:\Users\Heidi\Downloads\BitTorrent-PlainWhiteTs-Free
2014-02-07 09:06 - 2013-12-02 23:23 - 00000875 _____ () C:\Users\Heidi\Desktop\BitTorrent.lnk
2014-02-07 09:06 - 2013-12-02 23:23 - 00000855 _____ () C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-02-07 09:05 - 2014-02-07 09:05 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (3).exe
2014-02-07 09:05 - 2014-02-07 09:05 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (2).exe
2014-02-07 09:04 - 2014-02-07 09:04 - 01515608 _____ (BitTorrent Inc.) C:\Users\Heidi\Downloads\bittorrent (1).exe
2014-02-06 05:16 - 2014-02-13 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:30 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:30 - 2014-02-13 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:12 - 2014-02-13 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 04:07 - 2014-02-13 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:06 - 2014-02-13 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:56 - 2014-02-13 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:52 - 2014-02-13 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:49 - 2014-02-13 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:48 - 2014-02-13 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:48 - 2014-02-13 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:38 - 2014-02-13 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 03:32 - 2014-02-13 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:20 - 2014-02-13 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 03:17 - 2014-02-13 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:11 - 2014-02-13 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:01 - 2014-02-13 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 03:00 - 2014-02-13 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 02:57 - 2014-02-13 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 02:52 - 2014-02-13 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 02:52 - 2014-02-13 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 02:50 - 2014-02-13 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 02:49 - 2014-02-13 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 02:47 - 2014-02-13 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 02:46 - 2014-02-13 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 02:25 - 2014-02-13 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 02:25 - 2014-02-13 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 02:24 - 2014-02-13 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:22 - 2014-02-13 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:13 - 2014-02-13 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 02:09 - 2014-02-13 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 02:03 - 2014-02-13 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 01:55 - 2014-02-13 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 01:41 - 2014-02-13 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 01:40 - 2014-02-13 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 01:36 - 2014-02-13 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 01:34 - 2014-02-13 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 19:21 - 2014-02-05 19:20 - 00045984 _____ () C:\Users\Heidi\Downloads\TS101877521.xltx
2014-02-04 22:36 - 2012-09-10 21:31 - 00000000 ____D () C:\Users\Heidi\Desktop\Taxes
2014-02-03 18:32 - 2014-02-03 18:32 - 00015852 _____ () C:\Users\Heidi\Desktop\IPS rough budget.xlsx
2014-01-31 11:31 - 2009-12-03 05:33 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

Some content of TEMP:
====================
C:\Users\Heidi\AppData\Local\Temp\APNSetup.exe
C:\Users\Heidi\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Heidi\AppData\Local\Temp\CTPBSeq.exe
C:\Users\Heidi\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Heidi\AppData\Local\Temp\DivXSetup.exe
C:\Users\Heidi\AppData\Local\Temp\dlLogic.exe
C:\Users\Heidi\AppData\Local\Temp\dltr.exe
C:\Users\Heidi\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Heidi\AppData\Local\Temp\GCVerifier.dll
C:\Users\Heidi\AppData\Local\Temp\installhelper.dll
C:\Users\Heidi\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
C:\Users\Heidi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Heidi\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Heidi\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Heidi\AppData\Local\Temp\LimeWireWin.exe
C:\Users\Heidi\AppData\Local\Temp\ose00000.exe
C:\Users\Heidi\AppData\Local\Temp\Quarantine.exe
C:\Users\Heidi\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Heidi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Heidi\AppData\Local\Temp\tbVgr0.dll
C:\Users\Heidi\AppData\Local\Temp\UTILITY.EXE
C:\Users\Heidi\AppData\Local\Temp\utt2243.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 22:37

==================== End Of Log ============================


Second log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2014 01
Ran by Heidi at 2014-02-25 09:29:21
Running from C:\Users\Heidi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.0.2.189 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0A03}) (Version: 12.10.3.30 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{88882852-5C7D-A48B-15F3-8D13CABDA7A3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30545 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseToSave (HKLM\...\{B5B3F429-273D-530D-B1E6-6F1F6E50D6DF}) (Version: 1.0 - ) <==== ATTENTION
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help English (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help French (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help German (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0614.2130.36800 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
ccc-utility64 (Version: 2009.0614.2131.36800 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.00 - )
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Creative USB Headsets (HKLM-x32\...\{5B3A354B-C059-4861-A85B-CA46F1089E15}) (Version: 1.0 - )
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Garmin TOPO U.S. 100K v4 (HKLM-x32\...\{E3997715-B309-4098-98B6-AADD759A5A61}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{07A8ED9E-B98E-437F-B750-241B412BE924}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3205 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.230 - Sun Microsystems, Inc.)
Java™ 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
League of Legends (x32 Version: 1.3 - Riot Games) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LimeWire 5.5.16 (HKLM-x32\...\LimeWire) (Version: 5.5.16 - Lime Wire, LLC)
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.1.8347.79 - Linksys By Cisco Systems) Hidden
MagicTune Premium (HKLM-x32\...\{D6044256-A309-43B5-9833-D3FAFE2AD24D}) (Version: 1.0 Beta - Samsung Electronics Co. Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.26 - AMD)
RAIDXpert (x32 Version: 2.4.1540.26 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{BB743020-0F2D-4E9B-922B-12014902B20F}) (Version: 2.14.0201 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
WxDownload Expansion (HKLM\...\{3074A81C-BA02-4D42-AFA9-F220EB978AEA}) (Version: 1.0 - Premium Software)
wxDownload Fast 0.6.0 (HKLM-x32\...\wxDownload Fast_is1) (Version: - Max Velasques)

==================== Restore Points =========================

23-02-2014 18:51:34 OTL Restore Point - 2/23/2014 11:51:30 AM
23-02-2014 19:01:52 OTL Restore Point - 2/23/2014 12:01:52 PM
24-02-2014 02:00:01 Windows Backup
25-02-2014 12:15:00 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-02-23 12:02 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {068DE577-EF29-41F2-B4FE-89E0870CC121} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0765C539-C93D-4B8D-A4E4-D58FB756732C} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {0DA95322-0D6A-4389-A97A-ED1BB2CF6FF9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-22] (AVAST Software)
Task: {276BE19B-152C-40A3-B83C-C12FF3286069} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {2D0D10AA-51B4-4E2F-A9A4-22AAA0DBFCB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26] (Adobe Systems Incorporated)
Task: {304F208E-F659-4DDA-835C-693DD90A7309} - System32\Tasks\AdobeAAMUpdater-1.0-Heidi-PC-Heidi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {447AB205-A50E-4398-82E4-74E556D8DCFA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5F3435F3-095D-4893-85A7-A6980806E9C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {6DDFEBEF-39DD-45DB-BD64-0CFBF160038C} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe
Task: {6E9582EE-996C-4DFE-B669-29E363EC3CFE} - System32\Tasks\AdobeAAMUpdater-1.0-Heidi-PC-Rebecca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {84FDD50F-B6FF-4656-ABFF-E45F4C484D12} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {893B726B-0FC7-48DA-BE52-422AB844815D} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {BCC77A7F-FEEB-4435-AD9F-77FC2E782102} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {BF9CAFCF-B46B-4B21-A53D-E044A5D24549} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
Task: {C4B8B563-DBE2-4497-95C6-19C869DB546F} - System32\Tasks\HPCeeScheduleForHeidi => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
Task: {CDCFE995-ACC4-4D26-A91F-06967618857A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {D5C29FA5-F462-491E-83A9-CF318B5E24CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-28] (Microsoft)
Task: {F1190215-A525-4F87-BE27-B8F7168AA453} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {F5A4E519-5000-4C9F-A736-808B666CD587} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeidi.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-06-19 23:45 - 2013-06-19 23:45 - 03317616 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2009-03-16 00:47 - 2009-03-16 00:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2014-01-21 21:41 - 2014-01-21 21:41 - 00454656 _____ () C:\Users\Heidi\AppData\Local\GCC\Controller.exe
2009-03-16 00:47 - 2009-03-16 00:47 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-03-16 00:47 - 2009-03-16 00:47 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2014-02-25 04:18 - 2014-02-25 01:47 - 02182144 _____ () C:\Program Files\AVAST Software\Avast\defs\14022500\algo.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-02-22 11:29 - 2014-02-22 11:29 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-25 09:23 - 2014-02-25 09:23 - 00098816 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32api.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00110080 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\pywintypes27.dll
2014-02-25 09:23 - 2014-02-25 09:23 - 00364544 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\pythoncom27.dll
2014-02-25 09:23 - 2014-02-25 09:23 - 00044032 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_socket.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 01157120 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_ssl.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00320512 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32com.shell.shell.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00712192 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_hashlib.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 01175040 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._core_.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00805888 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._gdi_.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00811008 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._windows_.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 01062400 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._controls_.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00735232 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._misc_.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00128512 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_elementtree.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00127488 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\pyexpat.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00557056 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\pysqlite2._sqlite.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00087040 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_ctypes.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00119808 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32file.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00108544 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32security.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00018432 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32event.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00038912 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32inet.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00122368 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._wizard.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00070656 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\wx._html2.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00026624 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\_multiprocessing.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00010240 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\select.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00024064 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32pipe.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00686080 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\unicodedata.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00025600 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32pdh.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00525640 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\windows._lib_cacheinvalidation.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00011264 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32crypt.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00035840 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32process.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00017408 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32profile.pyd
2014-02-25 09:23 - 2014-02-25 09:23 - 00022528 _____ () C:\Users\Heidi\AppData\Local\Temp\_MEI24122\win32ts.pyd
2014-02-20 19:27 - 2014-02-19 18:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-20 19:27 - 2014-02-19 18:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-20 19:27 - 2014-02-19 18:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-20 19:27 - 2014-02-19 18:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-20 19:27 - 2014-02-19 18:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-20 19:27 - 2014-02-19 18:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: Creative HOAL Licensing Service => 3
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: LinksysUpdater => 2
MSCONFIG\Services: MagicTuneEngine => 2
MSCONFIG\Services: nmservice => 3
MSCONFIG\Services: Update GrabRez => 2
MSCONFIG\Services: Util GrabRez => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk => C:\Windows\pss\GammaTray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heidi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: cdloader => "C:\Users\Heidi\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: eicejjxb => C:\Users\Heidi\AppData\Local\nbtdsr\llhtsysguard.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 03:20:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/25/2014 01:00:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: Controller.exe, version: 0.0.0.0, time stamp: 0x52df4bfe
Faulting module name: Controller.exe, version: 0.0.0.0, time stamp: 0x52df4bfe
Exception code: 0x40000015
Fault offset: 0x00029895
Faulting process id: 0x1418
Faulting application start time: 0xController.exe0
Faulting application path: Controller.exe1
Faulting module path: Controller.exe2
Report Id: Controller.exe3

Error: (02/24/2014 10:31:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/24/2014 09:54:28 AM) (Source: Application Hang) (User: )
Description: The program HPTouchSmartPhoto.exe version 3.0.1.3205 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 500

Start Time: 01cf3180bfaa25ef

Termination Time: 60000

Application Path: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe

Report Id: 0ad080ec-9d74-11e3-a81a-002655484a9c

Error: (02/24/2014 00:48:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: Controller.exe, version: 0.0.0.0, time stamp: 0x52df4bfe
Faulting module name: Controller.exe, version: 0.0.0.0, time stamp: 0x52df4bfe
Exception code: 0x40000015
Fault offset: 0x00029895
Faulting process id: 0x13a4
Faulting application start time: 0xController.exe0
Faulting application path: Controller.exe1
Faulting module path: Controller.exe2
Report Id: Controller.exe3

Error: (02/23/2014 01:03:12 PM) (Source: Application Hang) (User: )
Description: The program googledrivesync.exe version 1.14.6059.644 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d60

Start Time: 01cf30d22d9120f6

Termination Time: 0

Application Path: C:\Program Files (x86)\Google\Drive\googledrivesync.exe

Report Id: 7e2f88b6-9cc5-11e3-a81a-002655484a9c

Error: (02/23/2014 11:39:08 AM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted.

Error: (02/23/2014 11:39:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: lsass.exe, version: 6.1.7601.18270, time stamp: 0x5242365b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000020a7a
Faulting process id: 0x2ac
Faulting application start time: 0xlsass.exe0
Faulting application path: lsass.exe1
Faulting module path: lsass.exe2
Report Id: lsass.exe3

Error: (02/23/2014 00:32:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (02/22/2014 11:28:40 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary wftduzio.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (02/25/2014 09:29:03 AM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/25/2014 09:22:34 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:20:45 AM on ‎2/‎25/‎2014 was unexpected.

Error: (02/25/2014 01:04:00 AM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/24/2014 11:52:29 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/24/2014 11:18:40 AM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/24/2014 00:49:32 AM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/23/2014 04:10:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (02/23/2014 01:07:07 PM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/23/2014 00:50:38 PM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)

Error: (02/23/2014 11:55:57 AM) (Source: DCOM) (User: Heidi-PC)
Description: machine-defaultLocalActivation{3EEF301F-B596-4C0B-BD92-013BEAFCE793}{3EEF301F-B596-4C0B-BD92-013BEAFCE793}Heidi-PCHeidiS-1-5-21-1844369781-404273007-74948595-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2012-10-28 07:48:52.202
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-28 07:48:52.072
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-28 07:48:36.524
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-28 07:48:36.294
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 7927.89 MB
Available physical RAM: 5876.9 MB
Total Pagefile: 15853.96 MB
Available Pagefile: 13733.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:686.2 GB) (Free:468.34 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.33 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (disk 1) (CDROM) (Total:4.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Thanks!
  • 0

#14
Essexboy
Posted 25 February 2014 - 11:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now kill it

Download the attached fixlist.txt to the same location as FRST

Run FRST and press FIX
On completion a log will be generated please post that and let me know if the alerts have ceased
  • 0

#15
Bhinsz84
Posted 25 February 2014 - 11:51 AM

Bhinsz84

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Heidi at 2014-02-25 10:46:53 Run:1
Running from C:\Users\Heidi\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BrowseToSave (HKLM\...\{B5B3F429-273D-530D-B1E6-6F1F6E50D6DF}) (Version: 1.0 - ) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0A03}) (Version: 12.10.3.30 - APN, LLC) <==== ATTENTION
C:\Users\Heidi\AppData\Local\GCC
C:\ProgramData\Download and Sa\lppogocmjfldfdklljcfcoklpcjjnfjh.crx
C:\ProgramData\Browse2save\pnafggalgamcjhfmndkccafghoolnbaf.crx
C:\ProgramData\wxDownload\gmfpphcfebnafpojbfdlnjpojlpmohij.crx
C:\Users\Heidi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
C:\ProgramData\wxDownload\gmfpphcfebnafpojbfdlnjpojlpmohij.crx
C:\Windows\System32\Tasks\GC_Informer
C:\Windows\System32\Tasks\GC_Scheduler
C:\Users\Heidi\AppData\Local\GCC

*****************


"C:\Users\Heidi\AppData\Local\GCC" directory move:

C:\Users\Heidi\AppData\Local\GCC\Controller.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\GccProfiler.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Modules\InSes.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\chrome.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\debug.log => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\First Run => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\wow_helper.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\Dictionaries\en-US-3-0.bdic => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_100_percent.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_child.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_frame_helper.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_frame_helper.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_launcher.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\chrome_touch_100_percent.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\d3dcompiler_43.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\d3dcompiler_46.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\delegate_execute.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ffmpegsumo.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\icudt.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libegl.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libglesv2.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\libpeerconnection.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\metro_driver.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl64.exe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\npchrome_frame.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\pdf.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\resources.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\secondarytile.png => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\widevinecdmadapter.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\xinput1_3.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\logo.png => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\smalllogo.png => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\PepperFlash\manifest.json => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\am.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\am.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ar.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ar.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bg.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bg.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bn.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\bn.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ca.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ca.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\cs.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\cs.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\da.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\da.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\de.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\de.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\el.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\el.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-GB.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-GB.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-US.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\en-US.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es-419.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es-419.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\es.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\et.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\et.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fa.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fa.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fi.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fi.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fil.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fil.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fr.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\fr.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\gu.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\gu.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\he.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\he.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hi.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hi.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hr.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hr.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hu.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\hu.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\id.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\id.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\it.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\it.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ja.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ja.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\kn.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\kn.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ko.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ko.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lt.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lt.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lv.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\lv.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ml.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ml.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\mr.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\mr.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ms.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ms.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nb.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nb.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nl.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\nl.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pl.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pl.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-BR.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-BR.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-PT.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\pt-PT.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ro.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ro.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ru.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ru.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sk.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sk.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sl.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sl.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sr.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sr.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sv.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sv.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sw.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\sw.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ta.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\ta.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\te.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\te.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\th.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\th.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\tr.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\tr.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\uk.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\uk.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\vi.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\vi.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-CN.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-CN.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-TW.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Locales\zh-TW.pak => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\Extensions\external_extensions.json => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\docs.crx => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\drive.crx => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\external_extensions.json => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\gmail.crx => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\search.crx => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\Chrome-bin\31.0.1650.63\default_apps\youtube.crx => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\bin\7z.dll => Moved successfully.
C:\Users\Heidi\AppData\Local\GCC\bin\7z.exe => Moved successfully.
"C:\Users\Heidi\AppData\Local\GCC" => Directory moved successfully.

"C:\ProgramData\Download and Sa\lppogocmjfldfdklljcfcoklpcjjnfjh.crx" => File/Directory not found.
"C:\ProgramData\Browse2save\pnafggalgamcjhfmndkccafghoolnbaf.crx" => File/Directory not found.
"C:\ProgramData\wxDownload\gmfpphcfebnafpojbfdlnjpojlpmohij.crx" => File/Directory not found.
"C:\Users\Heidi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx" => File/Directory not found.
"C:\ProgramData\wxDownload\gmfpphcfebnafpojbfdlnjpojlpmohij.crx" => File/Directory not found.
C:\Windows\System32\Tasks\GC_Informer => Moved successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
"C:\Users\Heidi\AppData\Local\GCC" => File/Directory not found.

==== End of Fixlog ====



Seems to have worked but will take an hour or two to tell I think - the popups are pretty random.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP