This PC belongs to a friend who is not very tech savvy. When he brought it to me it wouldn't boot (boot sector has missing files). I was able to get it to the repair menu and ran a repair scan and it worked. Next it wanted a specific user to log in, unfortunately the user did not remember he password and her account was tied to Microsoft Live account. I was able to get the command prompt on the log in screen and was able to delete the account it wanted me to use. Once the PC rebooted it logged me with the Admin account I activated from the command prompt. After logging in I noticed the PC was very sluggish. Norton was running in the background and it found some malware. After Norton finished and removed the malware it found the PC attempted to reboot, but it just gave a black screen so I pushed the power button. On restart it gave me a message that Norton was removing malware. I was able to get back to the desktop and download OTL and ran the OTL Scan.
--------------------------------
OTL logfile created on: 6/28/2014 1:47:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.58 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 60.82% Memory free
4.77 Gb Paging File | 3.25 Gb Available in Paging File | 68.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.77 Gb Total Space | 401.06 Gb Free Space | 90.38% Space Free | Partition Type: NTFS
Drive D: | 20.18 Gb Total Space | 2.49 Gb Free Space | 12.33% Space Free | Partition Type: NTFS
Computer Name: WEBSTERFAMILY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/28 01:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/06/24 07:15:08 | 000,640,304 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\dnkt.exe
PRC - [2014/05/11 00:11:33 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
PRC - [2014/02/03 18:57:15 | 002,552,856 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/01/10 18:19:53 | 001,772,056 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/10 18:19:53 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013/11/01 13:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2013/11/01 07:31:08 | 000,114,176 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/06/13 13:55:12 | 002,101,248 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/12/14 13:58:36 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
PRC - [2010/07/23 10:48:06 | 000,557,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/24 07:15:10 | 001,581,872 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\5113\nsib.dll
MOD - [2014/06/24 07:15:08 | 000,640,304 | ---- | M] () -- C:\Windows\SysWOW64\mjcm\dnkt.exe
MOD - [2014/02/13 13:36:49 | 000,427,520 | ---- | M] () -- C:\ProgramData\saver bbox\gtne.dll
MOD - [2014/02/03 18:57:15 | 002,552,856 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/02/01 22:56:16 | 000,423,936 | ---- | M] () -- C:\ProgramData\ImageToPng\g0o.dll
MOD - [2014/01/24 06:57:20 | 000,425,472 | ---- | M] () -- C:\ProgramData\deaLpeaK\M3nhap.dll
MOD - [2014/01/24 06:56:58 | 000,426,496 | ---- | M] () -- C:\ProgramData\easytoshoipp\cxxJku.dll
MOD - [2014/01/10 18:19:53 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013/09/13 20:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 20:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/02/19 17:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/24 07:15:06 | 002,601,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/27 08:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 02:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 21:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/07 20:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/23 19:19:43 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/10/21 18:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 01:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/29 21:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 21:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 21:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/26 19:02:26 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/22 05:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 05:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 04:03:41 | 000,052,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 02:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/11 00:11:33 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe -- (NIS)
SRV - [2014/05/11 00:11:33 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe -- (EraserSvc11313)
SRV - [2014/01/10 18:19:53 | 001,772,056 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013/12/28 14:30:24 | 000,146,920 | ---- | M] (SaveSense) [On_Demand | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselivem)
SRV - [2013/12/28 14:30:24 | 000,146,920 | ---- | M] (SaveSense) [Auto | Stopped] -- C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselive)
SRV - [2013/11/01 13:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/11/01 07:31:08 | 000,114,176 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe -- (WajamUpdaterV3)
SRV - [2013/10/23 19:19:45 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/10/23 19:19:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/10/23 19:19:42 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/09/29 21:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/19 15:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012/08/29 10:02:16 | 000,035,232 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/08/15 13:29:52 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/18 15:19:16 | 000,205,216 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe -- (HPRegistrationSvc)
SRV - [2012/07/13 18:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 18:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/11/28 11:22:14 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/11/10 19:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 04:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 04:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 17:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 18:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/12 19:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 08:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/29 21:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 21:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 21:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 20:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 20:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 19:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 19:02:28 | 000,619,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/26 19:02:26 | 012,526,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/09/25 19:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 19:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symelam.sys -- (SymELAM)
DRV:64bit: - [2013/09/09 19:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 18:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 05:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 05:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 05:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 12:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/06/18 07:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/04 11:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/03/30 23:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2014/06/27 16:54:56 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140627.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/06/27 09:20:31 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\ex64.sys -- (NAVEX15)
DRV - [2014/06/27 09:20:31 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/27 09:20:31 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/06/27 09:20:31 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140627.009\eng64.sys -- (NAVENG)
DRV - [2014/06/06 11:00:05 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{1CD6C7B6-0D1A-462D-BD5A-F6E4937DFC44}: "URL" = http://www.amazon.co...ds={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{1CD6C7B6-0D1A-462D-BD5A-F6E4937DFC44}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...archTerms}&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/06/28 01:38:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.2.101 [2014/01/10 18:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013/11/28 11:24:44 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (deaLpeaK) - {03EF23D8-5A43-988F-A549-E999E3277BF1} - C:\ProgramData\deaLpeaK\M3nhap.dll ()
O2 - BHO: (SaveSense) - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files (x86)\SaveSense\SaveSenseIE.dll (SaveSense)
O2 - BHO: (easytoshoipp) - {22FB4B90-BAB8-BC31-C37F-0E288E29D880} - C:\ProgramData\easytoshoipp\cxxJku.dll ()
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (saver bbox) - {8AE47891-C0FF-2964-5955-97280F156CBB} - C:\ProgramData\saver bbox\gtne.dll ()
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (ImageToPng) - {C8DF4A56-02C3-4777-236A-C167C9B1C9A1} - C:\ProgramData\ImageToPng\g0o.dll ()
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{322F41CF-DF11-45AD-9FE7-E66146C6E91C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC39CB49-D172-41DA-BA1C-707938FA75E1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/28 01:46:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/06/28 01:41:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2014/06/28 01:32:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2014/06/28 01:32:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\tprb
[2014/06/28 01:32:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\mjcm
[2014/06/28 01:24:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Utilman.exe
[2014/06/28 01:14:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\assembly
[2014/06/28 01:14:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
[2014/06/28 01:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2014/06/28 01:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2014/06/28 01:06:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[2014/06/28 01:05:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2014/06/28 01:04:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Power2Go8
[2014/06/28 01:04:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/06/28 01:04:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2014/06/28 01:04:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2014/06/28 01:04:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/06/28 01:04:01 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/06/28 01:03:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2014/06/28 01:03:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Packages
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2014/06/28 01:03:25 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2014/06/28 01:02:49 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2014/06/28 01:02:49 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/06/28 01:02:49 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2014/06/28 01:02:49 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/06/28 01:02:49 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/06/28 01:02:49 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2014/06/28 01:02:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2014/06/28 01:02:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2014/06/28 01:02:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2014/06/28 01:02:43 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2014/06/28 01:02:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\hp.system.package.metadata
[2014/06/28 01:02:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\hp.applications.package.appdata
========== Files - Modified Within 30 Days ==========
[2014/06/28 01:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/06/28 01:40:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/28 01:38:38 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job
[2014/06/28 01:37:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/28 01:37:53 | 3076,812,800 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/28 01:35:03 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job
[2014/06/28 01:32:09 | 002,064,879 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\Cat.DB
[2014/06/28 01:30:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SaveSense.job
[2014/06/28 01:15:03 | 000,001,438 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/26 21:28:38 | 000,040,057 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1503000.00C\VT20140626.025
[2014/06/24 18:19:00 | 000,954,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/24 18:19:00 | 000,214,540 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/24 18:19:00 | 000,006,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/24 07:15:06 | 002,601,776 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2014/06/24 07:11:26 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2014/06/24 06:09:38 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2014/06/24 06:09:38 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
========== Files Created - No Company Name ==========
[2014/06/28 01:15:03 | 000,001,438 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/28 01:03:55 | 000,001,444 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/28 01:03:22 | 000,000,352 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/06/28 01:03:22 | 000,000,334 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/02/01 22:56:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/15 20:04:22 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/11/06 16:42:12 | 000,005,360 | ---- | C] () -- C:\Windows\SysWow64\AdpeakProxy.ini
[2013/11/06 16:32:48 | 000,002,312 | ---- | C] () -- C:\Windows\SysWow64\AdpeakProxyOff.ini
[2013/10/23 18:29:34 | 000,930,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/23 18:27:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/26 19:02:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/09/26 19:02:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/09/26 19:02:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/09/26 19:02:18 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/09/26 19:02:18 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/09/26 19:02:12 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/05/20 15:14:36 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
========== ZeroAccess Check ==========
[2013/10/23 18:43:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 04:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 01:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
----------
It also created a Extra.txt file
OTL Extras logfile created on: 6/28/2014 1:47:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.58 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 60.82% Memory free
4.77 Gb Paging File | 3.25 Gb Available in Paging File | 68.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.77 Gb Total Space | 401.06 Gb Free Space | 90.38% Space Free | Partition Type: NTFS
Drive D: | 20.18 Gb Total Space | 2.49 Gb Free Space | 12.33% Space Free | Partition Type: NTFS
Computer Name: WEBSTERFAMILY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04551289-89EA-408C-B2A6-522DA97F7C12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{05F9C198-D7D7-47CF-811F-4553EEF8D787}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33E355E9-A82E-440A-910D-B913CBCC95FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37CF3C35-4B74-49B6-AA1C-58705D4DA99B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{449CBD7E-70E7-4B8B-9D8F-90CD981CB418}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49BB3D31-34DC-4F31-AA5D-32B5DCE9245D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{575AF8B7-BDCB-447B-9C51-4100882C9DBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{706FAA6A-B3AD-467E-9391-2666035E139E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AA03007-D34D-4CEA-9081-A76C6C83A3F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87022D5C-4E68-4CD0-B387-08AEBF536864}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |
"{94492133-FEE1-45C6-AD04-60F201616833}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9F69E15C-4F48-438F-9F2B-E54238511B88}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBBB34EC-6778-46A3-AC5D-C89BD3129C13}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDBF105A-A143-4D02-9DA9-7536AFE8AC4B}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{DA6C61E0-029F-46D1-BB70-C0BC77533515}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D3E233-C9AB-44D4-BEFA-18D751BFE5E2}" = dir=out | name=youtube 2.0 |
"{02CE9DBB-3847-4460-AFBA-22C66CFDA8F3}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{0469624B-BE49-4663-A23A-DC1CA6D67FE2}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{0758AB7F-C255-46ED-8919-CD6E5C0BEA48}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{0B15526B-3FC1-4DC7-8FAD-D2418CE977A9}" = dir=out | name=iheartradio |
"{0DE79B8A-8C12-4631-86B7-F6BA3BCFF1B0}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{0FE3973C-850F-44A0-BC59-CE1D85B12FB1}" = dir=in | name=f5 vpn |
"{11EC568E-E75B-48C7-AB90-4352D852311A}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{12D321A8-C99E-4100-8BF6-934363D024A0}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{17375821-13E7-43EB-9C0F-CE1DC47ED4C9}" = dir=out | name=juniper networks junos pulse |
"{187EEB7C-198C-4987-9AD7-78FE6BB92242}" = protocol=6 | dir=out | app=system |
"{18AECBBB-37DC-4FD5-A459-38738329FDF0}" = dir=out | name=windows_ie_ac_001 |
"{1CFB8FB9-74F4-427B-8BF0-F20E75BD4522}" = dir=in | name=hp+ |
"{1D449B9E-B839-41D4-AF96-D0DD01A8D3EF}" = dir=in | name=juniper networks junos pulse |
"{1F00DE3F-81F8-40FB-A1FB-2076F1361C16}" = dir=out | name=hp all-in-one printer remote |
"{1F5E0528-7B3B-43FD-8495-4771C1A79856}" = dir=out | name=norton studio |
"{1FC36C16-1195-4D5D-9063-F6D01171BD6A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{20CC2C8A-1DDB-43AC-8F4A-2210C5F20904}" = dir=out | name=check point vpn |
"{255ED548-001F-4CE0-956A-4E79F5C9C019}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{26106E4A-5E28-4AFE-91BA-9BBEA0BAEA36}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{298F2C70-5BE4-45DD-9573-802B47418A1A}" = dir=out | name=hp registration |
"{29C33496-5050-4BF1-B14C-FFC4821C3600}" = dir=out | name=skype |
"{2A9DF369-4C31-49DF-9F50-4B0698F00CA8}" = dir=in | name=microsoft mahjong |
"{2ADB45D9-D8C9-4E3D-9ECB-0EBE2AAA65FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BBE18E6-3B98-4BF2-B791-ECC77ABAA2DA}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{2C5DA915-7353-4796-B617-9703C673F51E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2DE28D09-9A3E-4D20-A9B7-4E7E3A1FA8E6}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{31733015-F5A3-4A66-B56F-3EA36C4AE808}" = dir=out | name=microsoft mahjong |
"{34DB80FE-4584-40F4-9612-55E0448253E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 |
"{3A492291-8C57-4F6D-B6A5-6AF1EA0AE61D}" = dir=in | name=microsoft solitaire collection |
"{4141C8E4-A9E8-423D-8A0B-1DB66659C144}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{41641CEB-CA0E-4639-8DCC-4B61B4EFFAE9}" = dir=out | name=f5 vpn |
"{427C173F-08FC-4282-80F1-EBD64087ED45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4624AB02-D7ED-4827-8CE6-A4B7C0AA4B93}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{47B74FB9-E4F1-47E1-9C23-00807FCEE177}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4852E1CB-CF7A-42BF-B709-EBA9314FD04C}" = dir=out | name=kindle |
"{49539D49-6B44-44C6-BDF4-D0B9C28A571D}" = dir=out | name=windows_ie_ac_001 |
"{4E0CC241-7E13-43E1-A61F-3FCCBC8378AC}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{4F5AF74F-E676-4298-AA5E-1C2FD63D5690}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |
"{50E94346-5EE9-45B2-AEB3-156E23035155}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{51EAA489-4D0F-4EBB-8649-64E4F585142E}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{53B08AE5-8620-4258-9FB5-36153F0E2D4A}" = dir=out | name=ebay |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54A764AF-485E-4393-BFB5-6F23E9AA58E4}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{556FAA5F-FB8C-41B1-B392-73FA00973C41}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{582D4FBD-2FFC-4930-96A4-D7165ACA6A6D}" = dir=out | name=iheartradio |
"{58E9DF9F-3BBB-4BC1-8C33-38A056022B86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{59513A8E-E966-47BE-AC80-12F1561A1DD2}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{59C087B4-4BAE-49D5-BF23-4D43F70E31B2}" = dir=in | name=juniper networks junos pulse |
"{59CD4DD9-8B4A-43AA-B9F4-2328ED8FFC92}" = dir=out | name=slacker radio |
"{5A8C234B-E157-449E-A36A-C5B661F7A2A4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5B39557C-F37E-4574-8156-E302BBC6C7F7}" = dir=out | name=windows_ie_ac_001 |
"{5B53D858-BFCD-4523-B580-91176EA59A2B}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{5CCC01C6-CF25-4675-92DC-AE07E91B977B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5DE12BE9-8EF1-46B6-AC1E-9781F980BC1E}" = dir=out | name=@{microsoft.zunemusic_1.5.146.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5FB15D37-BFDA-41A3-B967-6E9C75682681}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{62C36F46-725D-4BFF-A966-845F7A1E399E}" = dir=in | name=hp connected photo powered by snapfish |
"{66CC11E6-E80B-40CD-99F8-19EC7CDFC4EE}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{678BA387-E574-404F-A0EB-5FB2255A9C27}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{6CF8E6CD-D71E-46AC-931C-A84F36677EE8}" = dir=out | name=nfl news! |
"{6D531371-F4D2-42A3-92BE-F29346EAB038}" = dir=out | name=hp connected photo powered by snapfish |
"{6F2E3AF2-E5D5-473F-8F01-44AB80071AAB}" = dir=out | name=kindle |
"{72A940B2-EEE5-45A6-AC50-7E2A3441EF20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73D816EF-54C0-4E86-A0B1-4B3FC1F672B6}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{74B68FE9-4FCB-428C-958D-03AD13502A24}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{84D157D4-0194-4CB8-9345-6EB336C624C3}" = dir=in | name=sonicwall mobile connect |
"{87B99239-2A47-4639-BE33-723EB4E77C4D}" = dir=out | name=netflix |
"{8845B808-27D2-41F9-A236-6A1B53AF7E38}" = dir=out | name=juniper networks junos pulse |
"{8AA71835-71C0-440B-8996-DD9B414B022E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B3A0685-202B-4DD6-A630-0798D385582A}" = dir=out | name=hp registration |
"{8F7B04A7-8DF3-42CC-B660-899559FFDC73}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{935D9B66-D811-408E-AF67-E65A46DE774E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{94F9C92A-5183-4C91-B845-B9EE6268EFD2}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{992F158E-5D00-4C94-8397-8574E7308427}" = dir=in | name=hp all-in-one printer remote |
"{99525F74-F465-4F09-85CD-6B5A6469CE41}" = dir=in | name=hp+ |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9EDEE377-5D90-499F-865D-46AE68E8B61D}" = dir=out | name=microsoft solitaire collection |
"{A084C98F-BB7F-4C86-9FA8-9352ABE868AF}" = dir=out | name=check point vpn |
"{A2ECEC83-D302-470D-9BE6-20C26F51112A}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{A4712616-E805-4B47-8678-874EBC57A90C}" = dir=out | name=netflix |
"{A4D4A0B1-D701-48E0-9355-DA0EA35B31D7}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{A59DA77B-9F8E-4276-9A19-E63E177879CD}" = dir=in | name=getting started with windows 8 |
"{A5D2848C-1BD0-46F8-8C02-8BACE55E3B0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{A66817C5-DB6E-4592-A5F4-962428DCE474}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A72A9764-CE63-4DF2-BD93-0D0457B19849}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{A79081B6-FEA6-4BFA-AD2C-9906277C4C0E}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{A7EFA34A-4836-4EF5-B406-9084AE7EC650}" = dir=out | name=microsoft mahjong |
"{A80176A9-9BEA-40A9-B804-E99E792934C0}" = dir=out | name=norton studio |
"{A97117FC-9613-4760-9CDC-79BE584B6FC0}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A98C5772-A715-453C-A486-BBE8457207BD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A9E18915-7509-49E3-A41D-521C1FD55572}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{AAA3AB8D-B2EB-4CBB-9C96-B5C1F8E17A7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABE6CCF4-B759-4A14-B9A0-A7AA19FBA700}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BA2C0E44-CA3F-4B36-B92F-9C1EAF5F4ED6}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BD43E9FC-A69A-4B6B-98B8-DFAC1C3E1ADB}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C35A81DD-D4B3-4ADF-8E85-F78C2FAB585C}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{C42F9D09-3E09-4750-8F8C-0E904AF4C943}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C433BFCB-17A4-4F7E-817A-4EEDAD1E4BD0}" = dir=in | name=microsoft solitaire collection |
"{C5618DFC-3065-4D9D-9667-953D4F55455F}" = dir=in | name=getting started with windows 8 |
"{C6811269-1909-4A58-9F23-D40FA7874025}" = dir=out | name=hp+ |
"{C714F4FE-281D-47C8-A567-5E594FE41722}" = dir=out | name=microsoft solitaire collection |
"{C8D727E9-1188-428A-9C88-E99D0D25E73A}" = dir=in | name=hp connected photo powered by snapfish |
"{CC1FADB9-6DD6-4D33-8C72-80243188000B}" = dir=in | name=skype |
"{CC9CA34F-1A57-4912-8A2A-A78681505123}" = dir=out | name=sonicwall mobile connect |
"{CD73B21E-8071-4249-8CAE-6BC31C2BE0D9}" = dir=out | name=ebay |
"{D0502AA0-D4D3-4411-89EE-993EF9A76351}" = dir=in | name=check point vpn |
"{D132435C-9F5B-4B5C-ABD0-DF489AF9D287}" = dir=in | name=f5 vpn |
"{D1B27CA6-51E6-4666-B54A-34B61E63433A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1EE6601-5DE9-42BA-9C12-6CE901881B39}" = dir=in | name=check point vpn |
"{D523B5E6-14A2-4F7E-8745-AB4BC6B02EB8}" = dir=out | name=f5 vpn |
"{D5F27318-3072-4FF2-8900-ACABB2A30026}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D7AC9CE9-F12E-4CC3-861A-2C735509723F}" = dir=out | name=getting started with windows 8 |
"{D9C6B82C-126B-448F-AE31-A4DB7AFCD16F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D9CFC265-B4C9-4075-BA99-02C4A9F187E3}" = dir=in | name=sonicwall mobile connect |
"{DA686FDE-7D7C-43F6-A46C-F9F977925013}" = dir=out | name=hp+ |
"{DAF6BA34-09B3-4F51-A54F-B65909D25F12}" = dir=in | name=skype |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DBDE94E0-1D12-46F1-8BE8-A9B1B2666151}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC3FD053-AE85-425B-BC68-2AC7D0AEDD23}" = dir=out | name=hp connected photo powered by snapfish |
"{DCC7F133-3AEF-4C7B-AA0F-8211895CAA84}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{DD842263-D09B-48F5-A938-93F395586795}" = dir=in | name=microsoft mahjong |
"{E155DDF6-48C5-45FB-93D6-1E8E09F8499A}" = dir=out | name=getting started with windows 8 |
"{E2E2A349-3400-4427-B152-9B6D113EFF6E}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8868662-76AA-4F82-8638-30E8BB2B6582}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E8D36140-4482-47F6-9D23-B62618DF4C1F}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E9879F3C-C879-4141-9751-A6381B7D3D1A}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{EC5AFC69-C96F-49E5-9B59-281579EFEA92}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{EC70ED8F-2CDF-49ED-AFF1-66B1AE1FDC0C}" = dir=out | name=skype |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{EDFC2701-D51A-464D-A509-AFB73B5CED8E}" = dir=out | name=sonicwall mobile connect |
"{EE2929EA-C531-41A8-A425-C9FAB43664A0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F881AB1E-CA67-41ED-93AD-6823939E5C74}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{FC8A5D9D-58A5-438F-8C2A-3960BCFC7EFE}" = dir=out | name=writeplus |
"{FCE12BEC-C95B-4E53-9C3C-BDFC04154A6F}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{FFA6CFD3-2662-4818-868D-0350472388ED}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{FFDFE164-F249-4236-B72E-8413CAE4BD63}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{069BB058-4ED8-D4FC-CA8D-9B44344E8338}" = AMD Catalyst Install Manager
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{157737CB-2EA1-280E-94B8-89F58C4617DF}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E810AB6-F34E-49A3-A93F-9E503660F718}" = ScorpionSaver Services
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"MyPC Backup" = MyPC Backup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{038A7E39-BA10-43E3-98AE-A520396E1B04}" = Translate Genius
"{06B00D20-08D0-A544-DFD8-09C651A5F4A2}" = CCC Help Italian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{21290172-C335-62CA-3B79-52B2E1B54754}" = Catalyst Control Center Localization All
"{273E1F1A-7B1A-436C-A783-A4A8C97AD036}" = ScorpionSaver
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{39A62445-EC6B-9917-2F31-6BECF1862BB9}" = Catalyst Control Center InstallProxy
"{3F79BF03-68B2-B473-8DF7-0FF9AAB5722D}" = CCC Help French
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{532970A2-464B-73CB-BBC4-F209EAD3EEBE}" = easytoshoipp
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6D14BD15-EC91-E18D-F077-E4288EEBDF3D}" = CCC Help English
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7474548C-E456-4818-8ED0-4A1F00EF77A1}" = Catalyst Control Center - Branding
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BABFDF8-8514-B594-D25E-3EAF4A7A4061}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8991CF8F-32B7-9249-DB13-0C7B02356573}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95594A54-DE53-3DB1-A81D-870F6EB30F43}" = CCC Help German
"{96CA71FF-122E-97A7-1D4F-F986889CA854}" = ImageToPng
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B34C9F49-9477-DE82-267E-FA8514BC67CF}" = CCC Help Chinese Standard
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C53B1BF2-2F3E-72A0-8B3D-6820E67876F8}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}" = deaLpeaK
"{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}" = saver bbox
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D8A0063B-B28E-257B-71EE-5A42E252BDA2}" = AMD VISION Engine Control Center
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB39F5D0-C53F-1AC2-EEC1-F1A75BA3B1C7}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"DMUninstaller" = DMUninstaller
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"NIS" = Norton Internet Security
"Optimizer Pro_is1" = Optimizer Pro v3.2
"SaveSense" = SaveSense (remove only)
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Wajam" = Wajam
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WNLT" = SweetPacks Updater Service
"WTA-01189583-438b-47db-b7dc-6ef40593c18e" = 4 Elements II
"WTA-01d7bdc6-47f6-424f-a973-6a0c95543b0b" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-06b1eefc-6bb0-4314-8a16-3b492a3e6814" = Jewel Match 3
"WTA-0925840f-1058-4e5d-88fd-6f0c0e0d94b0" = Cradle of Rome 2
"WTA-157b6430-fbb8-4b49-aef5-713e57ad1b6e" = FATE: The Cursed King
"WTA-306d3907-2f8a-48d5-b3d0-b4183b70c059" = Final Drive Fury
"WTA-366ad19c-6f36-4f0a-8123-df5e0a65f1d7" = Peggle Nights
"WTA-3f0090eb-0cb2-489f-8c7b-44accbe73cf3" = Luxor Evolved
"WTA-595319e7-5696-4d27-816d-2fdfc3abd05e" = Tales of Lagoona
"WTA-5adb58ff-1ed2-49d4-8766-a5e61a29bc7d" = Zuma's Revenge
"WTA-65f2a8b2-b209-4b39-9f9f-b89a6a72e94a" = Roads of Rome 3
"WTA-69e5d046-a585-4274-b82c-45a0a6f465e6" = Bejeweled 3
"WTA-853ce023-24c0-46e1-8ea3-cdee08ee9723" = Polar Golfer
"WTA-8bd2b410-038a-4308-80ee-64e41ac290d3" = Hoyle Card Games
"WTA-a33bbc50-8e91-456d-8268-0c00f40d4f28" = Farm Frenzy
"WTA-aece9778-f008-463f-97ee-3903fec9b3ce" = Vacation Quest™ - Australia
"WTA-b54602ac-b993-499a-a7c2-324bea36b192" = John Deere Drive Green
"WTA-bf4b225a-bdd5-4c8c-9345-fecfbf79dbf7" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-c2df45d6-1e26-42c9-adf5-5ccfcdead21f" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-ca6d829f-3f9d-4375-a7a6-5894492a97b2" = Penguins!
"WTA-cd2d92f9-6a37-4ec2-a2fc-3507d9b90069" = Governor of Poker 2 Premium Edition
"WTA-cf0a72b2-b5ab-479d-86ce-8f31c637d5ca" = Chuzzle Deluxe
"WTA-d49cabbe-e78c-4dc3-adc7-2031d145a63d" = FlatOut 2
"WTA-d7ea1943-15f0-42ac-b027-22fc3cedaafb" = Polar Bowler
"WTA-d80eac3b-36b6-4e54-99c6-3a6ca08acc0a" = Cradle Of Egypt Collector's Edition
"WTA-e74ad487-bc20-435b-a96d-70fd9a555e3c" = Build-a-lot 4 - Power Source
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/25/2014 8:49:50 PM | Computer Name = WebsterFamily | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 2/25/2014 9:43:10 PM | Computer Name = WebsterFamily | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 64c Start
Time: 01cf328baaed9453 Termination Time: 636 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 53e8fe00-9e87-11e3-be89-7c0507743cef Faulting package
full name: Faulting package-relative application ID:
Error - 2/25/2014 9:59:05 PM | Computer Name = WebsterFamily | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1e4c Start
Time: 01cf32941b5729c5 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 9754c706-9e87-11e3-be89-7c0507743cef Faulting package
full name: Faulting package-relative application ID:
Error - 2/26/2014 1:05:09 AM | Computer Name = WebsterFamily | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.
Error - 2/26/2014 1:05:09 AM | Computer Name = WebsterFamily | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.
Error - 2/27/2014 8:45:53 PM | Computer Name = WebsterFamily | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.FileManager
did not launch within its allotted time.
Error - 2/27/2014 8:46:03 PM | Computer Name = WebsterFamily | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.FileManager
failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log
for additional information.
Error - 2/27/2014 8:46:36 PM | Computer Name = WebsterFamily | Source = Application Error | ID = 1000
Description = Faulting application name: FileManager.exe, version: 6.3.9600.16507,
time stamp: 0x52cea993 Faulting module name: Windows.UI.dll, version: 6.3.9600.16384,
time stamp: 0x5215d9e1 Exception code: 0xc0000005 Fault offset: 0x00000000000022e0
Faulting
process id: 0x10e4 Faulting application start time: 0x01cf341e7946a2e3 Faulting application
path: C:\WINDOWS\FileManager\FileManager.exe Faulting module path: C:\Windows\System32\Windows.UI.dll
Report
Id: c65c1f3a-a011-11e3-be8a-7c0507743cef Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Faulting
package-relative application ID: Microsoft.Windows.FileManager
Error - 2/27/2014 8:47:42 PM | Computer Name = WebsterFamily | Source = Application Error | ID = 1000
Description = Faulting application name: FileManager.exe, version: 6.3.9600.16507,
time stamp: 0x52cea993 Faulting module name: Windows.UI.dll, version: 6.3.9600.16384,
time stamp: 0x5215d9e1 Exception code: 0xc0000005 Fault offset: 0x00000000000022e0
Faulting
process id: 0x378 Faulting application start time: 0x01cf341e9b84cb92 Faulting application
path: C:\WINDOWS\FileManager\FileManager.exe Faulting module path: C:\Windows\System32\Windows.UI.dll
Report
Id: edbfdba3-a011-11e3-be8a-7c0507743cef Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Faulting
package-relative application ID: Microsoft.Windows.FileManager
Error - 2/27/2014 8:50:29 PM | Computer Name = WebsterFamily | Source = Application Error | ID = 1000
Description = Faulting application name: FileManager.exe, version: 6.3.9600.16507,
time stamp: 0x52cea993 Faulting module name: Windows.UI.dll, version: 6.3.9600.16384,
time stamp: 0x5215d9e1 Exception code: 0xc0000005 Fault offset: 0x00000000000022e0
Faulting
process id: 0xed4 Faulting application start time: 0x01cf341ee41ac8f4 Faulting application
path: C:\WINDOWS\FileManager\FileManager.exe Faulting module path: C:\Windows\System32\Windows.UI.dll
Report
Id: 51463de3-a012-11e3-be8a-7c0507743cef Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Faulting
package-relative application ID: Microsoft.Windows.FileManager
[ HP Software Framework Events ]
Error - 9/29/2013 10:35:08 AM | Computer Name = WebsterFamily | Source = CaslSmBios | ID = 5
Description = 2013/09/29 07:35:08.916|0000174C|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state
Error - 9/29/2013 4:46:23 PM | Computer Name = WebsterFamily | Source = CaslSmBios | ID = 5
Description = 2013/09/29 13:46:23.679|00000794|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
597 from BIOS WMI call Read/0Fh while getting SmartAdapter state
[ System Events ]
Error - 3/1/2014 2:00:01 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 3/2/2014 2:00:01 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 3/3/2014 2:00:01 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 3/7/2014 3:36:38 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 3/8/2014 2:00:00 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 3/9/2014 1:00:01 PM | Computer Name = WebsterFamily | Source = DCOM | ID = 10016
Description =
Error - 6/24/2014 9:12:35 PM | Computer Name = WebsterFamily | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:20:07 AM on ?3/?10/?2014 was unexpected.
Error - 6/24/2014 9:12:41 PM | Computer Name = WebsterFamily | Source = Service Control Manager | ID = 7000
Description = The AdpeakWFP service failed to start due to the following error:
%%2
Error - 6/24/2014 9:12:47 PM | Computer Name = WebsterFamily | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HP
Registration Service service to connect.
Error - 6/24/2014 9:12:47 PM | Computer Name = WebsterFamily | Source = Service Control Manager | ID = 7000
Description = The HP Registration Service service failed to start due to the following
error: %%1053
< End of report >