I spent almost three weeks fighting with Conduit with Crowbar here. We finished up on April 1. At the end, it was clean - Chrome was rocking, and all was right in the world.
Here is the link to the thread: http://www.geekstogo...-search-scopes/
He suggested that, since I still had one extra tab opening in Chrome, I post on the browser forum.
They sent me back here.
Yeah. Not as of Saturday...
- Chrome has gone back to opening several tabs when I open it - photo below - and there are always at least 6 of them; this morning it was 8. Sometimes more.
- I have to sign into Chrome every time I open Chrome.
- My search engine was changed again. Bing, Yahoo, and AOL. I *never* use those choice. Ever. The option to put Google in as my search engine wasn't there at all. I did get it fixed last night by manually entering the url for Google Search, but how long is that going to last?
- I have run Malware-Bytes. Nothing shows up.
- I have run Avast full scan. Nothing shows up.
- I have deleted Google, rebooted, then reinstalled. Same song, same dance.
Help! I'm out of ideas here. But I need the computer to work - I work from home, and this is not making it easy.
OTL & Extras are below.
Thanks in advance for any help!
OTL Log:
OTL logfile created on: 4/7/2014 8:06:36 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 62.99% Memory free
7.20 Gb Paging File | 5.51 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 401.02 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/07 18:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
PRC - [2014/04/06 17:18:35 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/06 17:18:35 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/06 17:18:23 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/29 23:12:59 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/15 15:41:07 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/11/22 19:34:46 | 008,266,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2013/11/11 15:10:40 | 000,307,928 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/16 17:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/06 17:18:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/24 16:09:09 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/24 16:08:56 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/24 16:05:59 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/24 14:26:03 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/24 14:25:31 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/24 14:25:29 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/24 14:25:23 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/24 14:25:21 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/24 14:25:16 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/24 14:24:52 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/24 14:24:30 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/24 14:24:21 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/24 14:24:01 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/24 14:23:57 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/24 14:23:27 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/11/22 19:34:46 | 008,266,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2013/11/01 17:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/04/06 17:18:35 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/06 17:18:23 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/19 20:20:34 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2014/01/04 21:02:05 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/08 10:34:38 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/24 19:01:41 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 15:10:40 | 000,307,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 19:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 19:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/04/07 17:28:13 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/06 17:18:39 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/04/06 17:18:39 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/04/06 17:18:39 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/04/06 17:18:39 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/04/06 17:18:39 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/04/06 17:18:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/04/06 17:18:38 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/04/06 17:18:27 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/04/06 17:18:24 | 000,445,304 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/01/04 21:02:05 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/01/04 21:02:05 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/17 20:11:58 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/09 23:00:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/09 23:00:39 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/11/09 23:00:39 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:49:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 16:49:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/23 10:53:10 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 04:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{4F1149B4-DD36-468D-A3A7-B9D541595DEF}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71DB2072-787A-4596-A0E5-2E1030999197}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFEA6F40-07F2-4574-AA8F-7735F594B606}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/06 17:18:40 | 000,000,000 | ---D | M]
[2014/03/27 15:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\extensions
[2014/03/23 18:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\6uaxzxqg.default\extensions
[2014/02/15 08:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\coldharbor1950\AppData\Roaming\mozilla\Firefox\Profiles\d9ahv30v.default\extensions
========== Chrome ==========
CHR - default_search_provider: Google Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: https://www.google.c...r/render?tab=Xc
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Photo Zoom for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_1\
CHR - Extension: avast! Online Security = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Pin It Button = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.3_1\
CHR - Extension: Social Fixer for Facebook = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_1\
CHR - Extension: Office Apps = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke\3.4_1\
CHR - Extension: Google Mail Checker = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_1\
CHR - Extension: Crosswords = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\
CHR - Extension: Google Wallet = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_3\
CHR - Extension: RoboForm = C:\Users\coldharbor1950\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_1\
O1 HOSTS File: ([2014/04/03 08:33:25 | 000,763,956 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.egdating.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 20838 more lines...
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:64bit: - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C336497-8C6C-437A-A03B-AB203EB0C7AC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/15 05:14:16 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/07 18:04:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/04/06 19:29:47 | 000,000,000 | R--D | C] -- C:\Users\coldharbor1950\Dropbox
[2014/04/06 17:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/04/06 17:18:42 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 17:18:42 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 17:18:42 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 17:18:42 | 000,084,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/06 17:18:42 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 17:18:41 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/06 17:18:38 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/06 17:18:24 | 000,445,304 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/06 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\mbar
[2014/04/06 11:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/06 08:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/04/06 08:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/03 08:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/04/01 09:17:02 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\TFC.exe
[2014/03/31 16:55:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/31 16:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
[2014/03/31 16:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foolish IT
[2014/03/31 16:46:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/28 22:34:36 | 000,000,000 | R--D | C] -- C:\Users\coldharbor1950\Documents\HP Photo Creations
[2014/03/28 22:34:36 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Visan
[2014/03/28 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/03/28 18:38:22 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2014/03/27 16:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/27 16:55:00 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/27 16:54:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/27 16:54:59 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/27 16:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/27 15:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/27 15:59:20 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/25 08:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/25 08:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/24 23:04:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 22:57:11 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/24 18:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\Desktop\Windows Repair (All in One)
[2014/03/24 16:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/24 16:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/23 11:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/21 07:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/18 15:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/18 15:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/17 09:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/03/17 09:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/03/17 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/03/13 19:31:01 | 000,000,000 | ---D | C] -- C:\Users\coldharbor1950\AppData\Local\VS Revo Group
[2014/03/13 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
========== Files - Modified Within 30 Days ==========
[2014/04/07 20:04:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/07 19:18:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/07 18:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\OTL.exe
[2014/04/07 17:28:13 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/07 16:37:37 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 16:37:37 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 16:36:54 | 000,783,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/07 16:36:54 | 000,651,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 16:36:54 | 000,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 16:31:42 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 16:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/07 11:14:32 | 000,003,900 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140407_111423.reg
[2014/04/07 07:28:17 | 000,000,826 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140407_072805.reg
[2014/04/06 19:19:13 | 000,000,478 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_191909.reg
[2014/04/06 17:21:35 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/04/06 17:21:35 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/06 17:18:39 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 17:18:39 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 17:18:39 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 17:18:39 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 17:18:39 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/04/06 17:18:39 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 17:18:39 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 17:18:38 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 17:18:38 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/06 17:18:27 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/04/06 17:18:24 | 000,445,304 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/04/06 12:16:22 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/06 12:00:48 | 000,000,878 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_120042.reg
[2014/04/06 11:51:08 | 000,002,241 | ---- | M] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/06 11:08:32 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/06 09:20:01 | 000,001,484 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_091957.reg
[2014/04/06 09:09:09 | 000,010,716 | ---- | M] () -- C:\Users\coldharbor1950\Documents\cc_20140406_090859.reg
[2014/04/06 08:59:22 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/05 20:58:08 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/05 20:56:04 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
[2014/04/05 20:56:03 | 000,001,093 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/03 08:33:25 | 000,763,956 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/03 07:53:25 | 001,426,178 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/04/01 09:17:56 | 000,001,157 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\TFC - Shortcut.lnk
[2014/04/01 09:17:14 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\coldharbor1950\Desktop\TFC.exe
[2014/03/31 16:54:21 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2014/03/31 16:53:49 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/03/28 19:19:38 | 000,314,347 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140403-083325.backup
[2014/03/27 08:40:22 | 000,333,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 18:18:51 | 000,110,288 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/24 23:25:10 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/24 23:14:35 | 000,783,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/24 22:58:32 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 16:21:48 | 000,002,121 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
[2014/03/22 07:07:05 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcoldharbor1950.job
[2014/03/19 11:32:31 | 000,053,843 | ---- | M] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
[2014/03/18 20:28:10 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/03/11 20:26:38 | 000,018,052 | ---- | M] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/03/11 20:26:38 | 000,018,052 | ---- | M] () -- C:\Users\coldharbor1950\Desktop\eBay.odt
========== Files Created - No Company Name ==========
[2014/04/07 11:14:26 | 000,003,900 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140407_111423.reg
[2014/04/07 07:28:10 | 000,000,826 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140407_072805.reg
[2014/04/06 19:19:12 | 000,000,478 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_191909.reg
[2014/04/06 17:21:35 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/04/06 17:21:35 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/04/06 17:18:42 | 000,208,928 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 17:18:42 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 12:00:46 | 000,000,878 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_120042.reg
[2014/04/06 11:08:32 | 000,002,241 | ---- | C] () -- C:\Users\coldharbor1950\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/06 11:08:32 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/06 09:19:59 | 000,001,484 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_091957.reg
[2014/04/06 09:09:03 | 000,010,716 | ---- | C] () -- C:\Users\coldharbor1950\Documents\cc_20140406_090859.reg
[2014/04/06 08:59:22 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 07:53:13 | 001,426,178 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\AdwCleaner.exe
[2014/04/01 09:17:56 | 000,001,157 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\TFC - Shortcut.lnk
[2014/03/31 18:37:43 | 000,018,052 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\eBay.odt
[2014/03/31 16:54:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/03/31 16:53:49 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\CryptoPrevent.lnk
[2014/03/27 16:55:06 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 08:40:14 | 000,333,712 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/26 18:18:50 | 000,110,288 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_26_14.html
[2014/03/24 22:58:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ICELAND-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/24 18:30:00 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/24 16:21:48 | 000,002,121 | ---- | C] () -- C:\Users\coldharbor1950\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/03/23 17:22:10 | 000,111,056 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_23_14.html
[2014/03/19 11:32:30 | 000,053,843 | ---- | C] () -- C:\Users\coldharbor1950\Documents\bookmarks_3_19_14.html
[2014/03/10 10:53:13 | 000,018,052 | ---- | C] () -- C:\Users\coldharbor1950\Documents\eBay.odt
[2014/03/10 10:08:00 | 000,011,070 | ---- | C] () -- C:\Users\coldharbor1950\Documents\untitled_1.odt
[2014/01/05 09:32:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/01/04 21:02:07 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/04 21:02:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/10/25 21:53:36 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2013/10/08 10:45:08 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/10/08 08:36:07 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/08 08:36:07 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/21 22:22:33 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/11 11:59:30 | 000,078,697 | -H-- | C] () -- C:\Users\coldharbor1950\Bottom Contact.jpg
[2013/02/08 17:21:10 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2013/02/08 17:21:07 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2013/01/17 23:52:39 | 000,002,147 | -H-- | C] () -- C:\Users\coldharbor1950\PrintMaster-2012-Platinum.prefs
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
[2012/12/28 21:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Fruit
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
[2012/12/28 21:07:44 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Funk Animals
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
[2012/12/28 21:07:43 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\Frameworks
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Hip Hop
[2012/12/28 21:07:08 | 000,000,268 | RH-- | C] () -- C:\Users\coldharbor1950\AppData\Roaming\HAL
[2012/11/25 16:08:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/21 08:08:26 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\AVAST Software
[2012/10/19 20:28:23 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/11/25 22:48:36 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Encore
[2013/12/18 10:53:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\IObit
[2013/12/15 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Masque
[2013/12/15 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice
[2013/12/15 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\OpenOffice.org
[2013/10/17 09:40:59 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Oracle
[2013/12/15 09:58:46 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\pdf995
[2013/07/13 08:07:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\RoboForm
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Scribus
[2014/03/28 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Serif
[2013/12/15 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SmartDraw
[2014/01/02 15:03:16 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\SoftGrid Client
[2012/12/05 13:24:50 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Stardock
[2014/02/20 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TaxCut
[2012/11/07 10:15:21 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TP
[2013/12/30 00:33:06 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\TuneUp Software
[2014/03/28 22:34:36 | 000,000,000 | ---D | M] -- C:\Users\coldharbor1950\AppData\Roaming\Visan
[2012/10/23 22:16:14 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WildTangent
[2012/10/11 17:51:54 | 000,000,000 | -H-D | M] -- C:\Users\coldharbor1950\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Extras:
OTL Extras logfile created on: 4/7/2014 6:07:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\coldharbor1950\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.60 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 69.86% Memory free
7.20 Gb Paging File | 5.64 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.07 Gb Total Space | 401.08 Gb Free Space | 89.31% Space Free | Partition Type: NTFS
Drive D: | 16.59 Gb Total Space | 2.04 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 58.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: ICELAND | User Name: coldharbor1950 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F143BC-2152-4BE8-84F3-B704C928D34E}" = rport=138 | protocol=17 | dir=out | app=system |
"{0BC6141F-7230-4558-8621-12FEE99FD54C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0FCD59EC-D3CF-42F2-8891-742F32C36322}" = rport=445 | protocol=6 | dir=out | app=system |
"{135BA083-00DA-4BCF-9B2A-C1683BD658BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1A0D12F1-BA23-41D3-B481-5EC6EDB768DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A8D5337-9D58-494E-93E3-081B79B72410}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CD64F04-B26F-4BE9-9AF3-C5EA2DCDB88A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35346EEC-CDFD-4917-87A9-23D374D52C6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{396960FD-4E10-48DB-88FE-F53107B84C82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACA7246-4A8F-4749-A9FB-DD0721F609EA}" = lport=445 | protocol=6 | dir=in | app=system |
"{3E7AC566-537D-42BF-AD76-B036C4C8D407}" = rport=139 | protocol=6 | dir=out | app=system |
"{45C3CD51-EAAD-41D2-A340-866E667007F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FF82C6A-42D3-4B5C-A4D7-716340ED762C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{51776095-5543-452C-A526-6CE0990CB0CF}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B1B3899-5D03-4D5F-A56A-6D3129105B6F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67F48B5A-9025-4735-9ECD-A6E1360C1C24}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C9491FD-7BAE-44A5-86E5-54A34AB2A96B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D91EA65-214F-48F9-86B6-BDF56EF8C93E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E0F55C6-E051-4B8E-90F9-AE8134C06127}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82A01128-2E86-4FBC-8818-10F6313CB78A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92B5D083-4591-48EA-8E3E-A45733323F24}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9D25C11E-F1AC-4607-8DF4-DA1EFF010678}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A73A8908-CA7A-4A2B-8B3E-561DAF8636CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A888EADA-C401-4C4C-96AD-1338C92D2DE7}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF3A96A8-3D8A-44AC-B751-759838D920CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4758D26-32AB-4030-949E-FB1033C75DCE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBCF9F0C-AA28-481B-B467-F99FF283915A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5893C85-208D-48BE-BDD8-AD9E0DD63FBB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FC9AACE6-4464-48C4-BFE7-C2036CA03454}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C79F902-31E3-4627-9EC7-C2E03370D23C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
"{0FE4C508-CA5B-431F-9C5A-F0BF2204E680}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{1C9ED9A1-07BD-41C6-AE14-A00F12D4567E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21EF29BC-5E5A-49E5-AA48-85212B76B033}" = protocol=58 | dir=out | [email protected],-28546 |
"{244D561C-02F5-4992-A660-B7ADD792218A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2A5424E1-1BC2-4B85-A127-28902D7E1188}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41FE5510-492B-4FF0-ACF8-5FD9D1666FFC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4238CEAF-E32A-4CD1-9669-7A8741C46793}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{46613666-A695-40BB-A8EA-BFE85E7B7BE4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A2696B3-612C-44E8-8923-B6E2A6B2C144}" = protocol=58 | dir=in | [email protected],-28545 |
"{4C7D18EA-E0F2-471D-867A-2912C97FB6D4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4E35E93A-196B-490B-998F-6A4960322931}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{4E62BCE2-EF47-4185-9392-2ABDA3B602B3}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{5535A6E2-83BB-40B2-9ED0-8D28B2A57E23}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{6117B5A6-08A4-4BA5-BB95-BBCB23C68EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{638D6B1C-BB0F-4FE0-BFC6-4FC9D2BBDC50}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64502F2B-AC41-4A8E-ACFD-9C2FEA81B301}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
"{670EB779-4203-4C4C-A676-47EA7A49DDDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7FDC1F64-00D5-4FD5-B530-054D8523FD6E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8ED7B4A2-F078-40C8-8790-B48E71CAF759}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{A0AAB39D-D1DA-41A9-B386-E473982644BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0E3404D-1D1C-4EE0-B142-412D199AD6F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB72A6AA-1544-48EA-88D1-AD3244C32EB2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{C60A6B34-77AE-4664-A479-4C6F59B8B8EB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C6B43DE4-E254-4793-B464-D4FB9C5F801B}" = protocol=6 | dir=out | app=system |
"{CBB824A5-7AA3-49F0-90E3-06209BDE9F5E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC41CD3D-6949-460F-9D2D-5869411FDECC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3975EB0-374B-47D4-A8AF-618A44B8B692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCF21C6B-1283-4A7B-AE50-10F18BE47054}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0F3E123-7FCF-4176-95A1-20C26EBD9FF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1A1F28C-DFEF-49F9-B97C-94E7764CAB5C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E827D56E-A274-4884-943C-00FA35736A44}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8921C4B-9858-4428-B5C6-D6935CE52E8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F069468E-4B61-462C-8C6E-8028CB0972F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1F186DD-3558-4963-B107-B5883CC92F89}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F377AA3A-837E-4196-8E3E-B27E81B7A207}" = protocol=1 | dir=out | [email protected],-28544 |
"{F89754FD-D917-4F1E-82C3-88FA30456454}" = protocol=1 | dir=in | [email protected],-28543 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{408DD513-C71C-EF6C-1456-247DD8403E18}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7D2019DF-713F-B6ED-8C87-14363B081FB2}" = AMD Drag and Drop Transcoding
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8AB933A1-603C-5B22-3D56-19593698C41A}" = AMD Fuel
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADCB5F9E-EF88-6D61-EE2F-99F51DF1B6EF}" = AMD Media Foundation Decoders
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57289A3-B314-F00A-F0D0-7CB63E588CFF}" = AMD Accelerated Video Transcoding
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"{FEB22B7A-7B05-4A49-3BA3-D24815D37FAE}" = ccc-utility64
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{170236F2-1F88-A116-DA64-3FEED17B9387}" = CCC Help Italian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{2178EDD8-A3A6-50E3-407B-6629EA8E6ECE}" = AMD Catalyst Control Center
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32957F2B-A371-151F-9DA1-7BCA54BA2C71}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{398004A7-6198-B8AB-443A-D250FFA57446}" = CCC Help Greek
"{3A29665B-2304-A9F7-601D-86340BD29D57}" = CCC Help Korean
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4310E447-8AF3-020C-06D0-CB317D1BC92B}" = CCC Help Spanish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4DF0CAAC-F479-1673-EE92-03FFB9A05C1A}" = CCC Help English
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586C0B83-75B3-42FD-8D5B-B81CC6E7EFC9}" = H&R Block Wisconsin 2013
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.0
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{6670AE0A-83FD-C514-C4EC-51618BEDCF04}" = Catalyst Control Center InstallProxy
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DD76706-759A-1D77-9D1B-39FFFEC203BE}" = CCC Help Hungarian
"{6DF3C5B5-AEA5-198E-289C-CAADC4A17C04}" = CCC Help Dutch
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F9B3984-08EB-19EE-5E93-E79FD0854596}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{82DA3D5E-0041-D8F7-6ACD-53A06C863FD4}" = CCC Help Swedish
"{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile + State 2012
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E63AD00-6BEB-9E98-739E-C8EE42CF0419}" = CCC Help Norwegian
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9584BE1B-2FBE-4F45-13EA-6567F3E2D9A2}" = CCC Help Chinese Traditional
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{993609E5-B0A7-0270-BA78-385016D5A4FA}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C50B767-48BA-A567-0CFE-31620AE8FC97}" = CCC Help German
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E94C6F8-2B4E-D900-E73C-E7BCC7653188}" = CCC Help Japanese
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9EFBFB8-A314-4F9F-83B6-A0932C62728D}" = H&R Block Wisconsin 2012
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BEFD4139-C684-DBF8-33F2-7963161E2F10}" = CCC Help Russian
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBC3C9F-C781-4A0A-4AC9-BEBDE9850C16}" = CCC Help Turkish
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17BE572-CBFB-2AA4-759B-E21F04093001}" = CCC Help Thai
"{D3C44AE6-7A77-6CB3-0708-C970C53E8136}" = Catalyst Control Center Localization All
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{E9E87CFE-894C-8FFB-31C2-61C6B640F2B2}" = CCC Help Finnish
"{E9F63F5F-00EF-516C-C7F6-ABD3DC174B5E}" = CCC Help Polish
"{EA3960CB-883C-5B18-FA85-7C36C320E4BC}" = Catalyst Control Center Graphics Previews Common
"{ED62231A-B71D-C39A-7CE0-B2C8388A67C2}" = CCC Help French
"{EDE796DE-0A72-464D-9D21-F04BC41A092B}" = H&R Block Deluxe + Efile + State 2013
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FBC9A8BD-C74D-86B3-7818-D584C9174F48}" = CCC Help Portuguese
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE678BB2-C794-65F3-1D4F-DB5173C66986}" = Catalyst Control Center InstallProxy
"5354-7805-5584-7014" = PrintMaster 2012 Platinum
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AI RoboForm" = RoboForm 7-9-5-7 (All Users)
"Avast" = avast! Internet Security
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"PDF Complete" = PDF Complete Special Edition
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/7/2014 6:59:59 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:03:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:06:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:09:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:12:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:15:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:18:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:21:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:24:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
Error - 4/7/2014 7:27:00 PM | Computer Name = iceland | Source = HPTouchSmartCalendar | ID = 0
Description = Application Name: HP TouchSmart Calendar Exception Type: System.UnauthorizedAccessException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String
path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare
share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String
msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) at System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share) at System.Xml.XmlDocument.Save(String
filename) at LifeCenter.DAL.Common.CommonDataFunctions.UpdateLastSyncDate(DateTime
dateLastSyncDate, String strProvider)
[ Hewlett-Packard Events ]
Error - 6/9/2012 3:09:48 PM | Computer Name = iceland | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3686 Ram
Utilization: 30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
[ System Events ]
Error - 4/6/2014 8:23:31 PM | Computer Name = iceland | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.
Error - 4/6/2014 8:24:06 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.
Error - 4/7/2014 12:19:12 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 4/7/2014 12:19:25 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 4/7/2014 12:19:26 PM | Computer Name = iceland | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.
Error - 4/7/2014 12:19:55 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056
Error - 4/7/2014 5:32:23 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 4/7/2014 5:32:35 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 4/7/2014 5:32:48 PM | Computer Name = iceland | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.
Error - 4/7/2014 5:33:25 PM | Computer Name = iceland | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056
< End of report >
Sign In
Create Account
