I help diagnose and fix PCs for elderly and non-tech savvy people as part of my ministry.
Lately, I've been noticing a significant number of machines that have been very sluggish.
I use the following AntiMalware Products: Malwarebytes Premium, SuperAntispyware, Ccleaner, Glary Utilities, Hijack This, Rkill, and Adwcleaner.
For Malware protection in browsers I use the following:
AdblockPlus, ghostery, Noscript
My antivirus preference:
On my personal machine: Symantec Endpoint Security
On other's machines: Bitdefender Free
The only program that finds the problem is Adwcleaner and the key usually resembles this:
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
I have ran Malwarebytes, Rkill, Adwcleaner, SuperAntispyware, all in safe mode and their logs are readily available.
Additionally and per the FAQ page, I have ran OTL and posted the log is posted below:
OTL Extras logfile created on: 12/19/14 2:53:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ORNERY\Desktop
64bit- An unknown product (Version = 6.3.9600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
11.99 Gb Total Physical Memory | 9.59 Gb Available Physical Memory | 80.01% Memory free
23.99 Gb Paging File | 21.67 Gb Available in Paging File | 90.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 120.02 Gb Free Space | 50.33% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 528.55 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1480.70 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 387.94 Gb Free Space | 27.76% Space Free | Partition Type: NTFS
Drive J: | 931.41 Gb Total Space | 225.42 Gb Free Space | 24.20% Space Free | Partition Type: NTFS
Drive Q: | 465.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SNOOPYII | User Name: ORNERY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038741E-7020-409E-9BEA-75825DDD5F16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BFEFA3E-CB3D-4C4A-818F-E59120339E1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0DA913FC-36D4-4595-9323-5CF3B2D9F0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45426F99-39C8-4BC8-A8B2-16E2F8506A74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CE15CDA-DD2D-4301-9AA2-E76A1B8F2AD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{622A7ECA-4ADB-4082-8C34-4F57C6C2033A}" = lport=139 | protocol=6 | dir=in | app=system |
"{64B2075D-EF65-4848-BBE4-A2C177E69B3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C329D86-AC93-44F8-8532-8CFAD7BD8D3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7072E831-483B-407B-A458-78CD6F6EE901}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{79F82A82-2B4E-4882-AB6C-570DFA6FD283}" = rport=10243 | protocol=6 | dir=out | app=system |
"{81A54D64-2845-4ED3-B54F-0D6ED0EFAE2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94782F52-4EE1-48CD-A9FF-8BE882929F3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{AE4C6D47-A856-49E3-991E-EB954D7A8721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE33761F-889F-4EF6-9B45-41D1799B2F3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF392255-3852-4BA8-BADC-0127B73A4AA5}" = rport=139 | protocol=6 | dir=out | app=system |
"{C4339AA5-8F04-41A5-9565-B1A75DE6C82A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4A1B2C9-D030-4C6F-B688-B274190F71E8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6BC763F-00D1-4534-85F4-6AD2CD0D0C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE061D7C-4B35-48E4-AA93-39AE3A1A557F}" = rport=138 | protocol=17 | dir=out | app=system |
"{D1FA49CC-CB33-47F2-A381-E647AF7AC41F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D8FC7224-B0C4-44DC-9D23-3F580B6E8CAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF904244-D5A6-427A-9490-E11AA5512470}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9E830E8-1C0C-476A-9F35-3E18B9C29A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1824A-518C-4AB9-A046-5E9AF259AC19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{04D928C0-2E95-4162-A120-5B459E748DA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{058982E6-D3DC-438C-9633-400BAE30C270}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0757081F-7367-41EA-80BA-21BE6CE95854}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F09114F-1D03-49C6-815F-DBF904319026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{130DCA9F-6CD9-43B6-BBB5-380AA1559F2B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{151400EF-880F-4145-BE99-A4B6BC2F03F9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{190F8718-B142-4B64-BD4F-632E15092BB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26895B5C-F078-4084-9AFA-BD72E3F77877}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{27D0E4A2-D48C-44CF-A2CD-0CB33FFCDB2E}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe |
"{2B2F120A-377C-4631-86D8-4F2A839C2DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe |
"{31D4B4D4-C8F6-4D96-B4D6-65334B7CA5F9}" = dir=in | name=skype |
"{358A7D06-19C1-482F-85D1-273A20914171}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{39A8B52E-490F-4891-8ED2-39EEA1DA402B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe |
"{3DD2043C-C395-4190-A040-B4C3A0C8DDC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FEC0181-2914-43E4-8EC4-1213209B9A04}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{401200CB-4F2B-4EED-8A16-836EC9EBC82D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4764B5A8-6690-439A-A559-050416EC07E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4E18FD5E-9AF5-4017-8A27-3EED3FED8869}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{58E2DF6B-58E4-49F0-B911-3A8F9FDB99A8}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{5C4EE47D-3055-404C-AA32-FCB551073CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe |
"{5D75D50C-204A-485B-821D-B3F0DDE5CB4B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe |
"{5EDF11D1-CFA8-49D9-8253-A9B3FEB931A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{60EA1ECB-D518-4800-A69B-7EEFF986D146}" = protocol=58 | dir=in |
[email protected],-28545 |
"{6233EDDC-6774-4307-BCDA-F642F270B3C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6807EED9-1293-463B-9926-10324A6582A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E9DE8EA-2C0D-4C9F-8C3C-3A26D9843E09}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe |
"{706FAE1B-15EE-47BC-B408-7479D3245BE7}" = protocol=17 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe |
"{7224A9F7-DE18-4601-85A0-042E67312808}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{73027832-3D77-43B7-A763-94F070216B73}" = protocol=1 | dir=out |
[email protected],-28544 |
"{73D71DBB-0702-4916-B1DB-34EC6B86EA9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7FE62C8C-79C5-41C7-88A6-88DAD6CF397A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8072AFB7-6465-4ECE-9DD5-D0B69F41D2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80E6FF79-5B10-4C98-8339-C1CBD3DC57F4}" = protocol=6 | dir=out | app=system |
"{82A83F68-8741-4FF1-B7D0-CB33337E860C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{84E57BE4-1AF1-4DCF-98F0-DD0C412908C5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{85AF647F-8F07-4D1C-9514-84F3BE521466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{93D87E74-8DF5-4258-AF0C-ADF29BBF752C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{93F665FB-0A09-4EB3-A8BE-2C55587A5DB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{94C663AF-0416-4D4A-BF6C-6B5A792B5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe |
"{96AB4054-8154-4619-87B7-4323EBE37870}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{96AB7489-F7A0-4CBE-A565-097BDB2C1EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{974643CA-469F-40C0-A8E2-7B721A3D201C}" = protocol=6 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A0D716BD-7522-4450-A1E4-03EF07AADD21}" = dir=out | name=skype |
"{A35151F0-41BA-4AD7-B764-ADF9B5209D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACCA4D46-F63E-43C1-B2FC-FC5834C17753}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B21DACE4-0933-4ABB-8F32-1901CEE67046}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B381A568-E83F-4123-A68B-6D33A64041A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B8C68FE3-653F-45C8-AEF8-0B631E839AE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{BA85BB3C-32AD-4608-B4D5-22A2804EABA2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{BBDBC13D-4E6B-47DB-BF75-A998987BA77D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{BD5E9F7F-4108-417C-BC48-60BE68DD026B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{BD8C0BA9-D131-4BFC-B2B8-D1778BDD643C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C53476E4-7001-46B1-A815-4ECEED366992}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{CB09630B-1AA0-4B29-BAAE-AC661B98D769}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe |
"{D2FE1F66-3B6E-46E8-B74D-7D157E474DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB2F54A1-7EDC-40ED-BE69-5EDD2D015098}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{DB39683E-7C80-43F6-80D6-A736578DE2F1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB5A6A2A-50CF-4EF1-B36F-0B2A1309706C}" = protocol=58 | dir=out |
[email protected],-28546 |
"{E49FDBED-A6CB-42DB-A8A0-992D9B4440D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{E7A8E90A-1AB1-4FC1-9FB8-54B27CB1E39D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{EBEB7E81-F8B4-4F8F-A247-BB1CACD045E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED4F80E5-7110-4DC2-BC94-A5EB4FD7024A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE07A576-C28A-4130-B6AA-A4AA751455BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F5AA858D-0155-46A2-82FF-BE38AD91B22A}" = protocol=1 | dir=in |
[email protected],-28543 |
"{F5FAA0B1-39A1-4415-9817-82752A8A905C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6F26F2D-3CAE-4577-967B-8E83FB72C6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F827B975-8282-4310-97FC-B05EB23514C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F92385BB-62DC-4DA2-AC07-84767FAE85D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{FEF29FB5-01E3-4659-B5B4-344F9629565F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit)
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.30
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}" = WD My Cloud
"{49C2B7C1-A4E7-4770-8E30-255795AD4712}" = HP Officejet Pro 8500 A909 Series
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.1
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B53661DC-CD94-4B14-B15F-D9DDCFF72558}" = Symantec Endpoint Protection
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Speccy" = Speccy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.6
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0c8ebb00-4909-459c-8347-b2068b7f0319}" = OEM Share Pack
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.20
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1" = WonderFox DVD Video Converter version 7.0
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1" = Video to Picture version 5.0
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCA6934-2AE3-4ACA-9931-A6D38A3EDB13}" = BPDSoftware
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714549D0-C470-4757-B10C-FB932F3C98D0}}_is1" = Aneesoft Flash Gallery Classic
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8689A64A-60C9-B821-EF82-89C8D3A12B91}" = VUDU To Go
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup 2.6
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1" = Ashampoo Snap 7 v.7.0.10
"{CCE2DCFE-4A89-4BC0-B3EF-6A3F8E30A2D6}" = CyberLink OEM Share Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF0228E9-A5A7-4703-A0A5-F5E3532937B4}" = ProductContext
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1" = Video Rotator V1.0.9
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC125E14-4162-49BE-8BE9-AA4E2D6A9BE9}" = 8500A909a
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"123CopyDVDPlatinum 2012" = 123CopyDVDPlatinum
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced Renamer_is1" = Advanced Renamer
"Audacity_is1" = Audacity 2.0.6
"AviSynth" = AviSynth 2.5
"BackRex Outlook Backup Demo" = BackRex Outlook Backup Demo
"com.vudu.air.Downloader" = VUDU To Go
"Cook'n" = Cook'n
"Cool Record Edit Pro_is1" = Cool Record Edit Pro v8.8.3
"EaseUS Partition Master Trial Edition_is1" = EaseUS Partition Master 10.1 Trial Edition
"Glary Utilities 5" = Glary Utilities PRO 5.14
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"LeaderTask_is1" = LeaderTask 9.0
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"Office14.SingleImage" = Microsoft Office Professional 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer" = TeamViewer 10
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player
"Wise Care 365_is1" = Wise Care 365 3.34
"WUCCCApp" = Catalyst Control Center
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = f.lux
========== Last 20 Event Log Errors ==========
[ Symantec Endpoint Protection Client Events ]
Error - 9/5/14 11:48:24 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: D:\IMPORTANT BACKUPS\ANGLER\Retrospect
Copies\Backup of Local Disk ©\Program Files\support.com\client\bin\ResetTMID.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 9/19/14 3:07:38 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: E:\ANGLER\Retrospect
Copies\Backup of Local Disk ©\Program Files\support.com\client\bin\ResetTMID.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 11/10/14 11:41:22 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: d:\important backups\snoopyii
install0n 1172012\software\winzip170.exe by: Manual scan. Action: Quarantine succeeded.
Action Description: The file was quarantined successfully.
Error - 11/10/14 8:33:02 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: j:\users\ornery\downloads\malware
toolkit\combofix.exe by: Manual scan. Action: Quarantine succeeded. Action Description:
The file was quarantined successfully.
Error - 11/14/14 6:13:14 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: S:\BERTA\Berta\Downloads\libreoffice_d154772.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
Error - 11/14/14 6:13:40 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!RegCleanPro in File: S:\BERTA\Berta\Downloads\rcpafterdownloadcm_ad_13375_cm4.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 11/14/14 6:41:32 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: F:\BERTA\DOWNLOADS\libreoffice_d154772.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
Error - 11/14/14 6:41:55 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!RegCleanPro in File: F:\BERTA\DOWNLOADS\rcpsetup_r.exe
by: Auto-Protect scan. Action: Quarantine failed : Access denied. Action Description:
The file was left unchanged.
Error - 11/24/14 10:13:15 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!WS.Reputation.1 in File: c:\users\ornery\downloads\chrome_updater.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 12/7/14 3:31:43 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: H:\MALWARE TOOLKIT\ComboFix.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
[ System Events ]
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
< End of report >
OTL Extras logfile created on: 12/19/14 2:53:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ORNERY\Desktop
64bit- An unknown product (Version = 6.3.9600) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
11.99 Gb Total Physical Memory | 9.59 Gb Available Physical Memory | 80.01% Memory free
23.99 Gb Paging File | 21.67 Gb Available in Paging File | 90.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.47 Gb Total Space | 120.02 Gb Free Space | 50.33% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 528.55 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 1480.70 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 387.94 Gb Free Space | 27.76% Space Free | Partition Type: NTFS
Drive J: | 931.41 Gb Total Space | 225.42 Gb Free Space | 24.20% Space Free | Partition Type: NTFS
Drive Q: | 465.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SNOOPYII | User Name: ORNERY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "$($env:ProgramFiles)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038741E-7020-409E-9BEA-75825DDD5F16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BFEFA3E-CB3D-4C4A-818F-E59120339E1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0DA913FC-36D4-4595-9323-5CF3B2D9F0CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45426F99-39C8-4BC8-A8B2-16E2F8506A74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CE15CDA-DD2D-4301-9AA2-E76A1B8F2AD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{622A7ECA-4ADB-4082-8C34-4F57C6C2033A}" = lport=139 | protocol=6 | dir=in | app=system |
"{64B2075D-EF65-4848-BBE4-A2C177E69B3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C329D86-AC93-44F8-8532-8CFAD7BD8D3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{7072E831-483B-407B-A458-78CD6F6EE901}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{79F82A82-2B4E-4882-AB6C-570DFA6FD283}" = rport=10243 | protocol=6 | dir=out | app=system |
"{81A54D64-2845-4ED3-B54F-0D6ED0EFAE2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94782F52-4EE1-48CD-A9FF-8BE882929F3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{AE4C6D47-A856-49E3-991E-EB954D7A8721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE33761F-889F-4EF6-9B45-41D1799B2F3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF392255-3852-4BA8-BADC-0127B73A4AA5}" = rport=139 | protocol=6 | dir=out | app=system |
"{C4339AA5-8F04-41A5-9565-B1A75DE6C82A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4A1B2C9-D030-4C6F-B688-B274190F71E8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6BC763F-00D1-4534-85F4-6AD2CD0D0C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE061D7C-4B35-48E4-AA93-39AE3A1A557F}" = rport=138 | protocol=17 | dir=out | app=system |
"{D1FA49CC-CB33-47F2-A381-E647AF7AC41F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D8FC7224-B0C4-44DC-9D23-3F580B6E8CAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF904244-D5A6-427A-9490-E11AA5512470}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9E830E8-1C0C-476A-9F35-3E18B9C29A97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1824A-518C-4AB9-A046-5E9AF259AC19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{04D928C0-2E95-4162-A120-5B459E748DA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{058982E6-D3DC-438C-9633-400BAE30C270}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{0757081F-7367-41EA-80BA-21BE6CE95854}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F09114F-1D03-49C6-815F-DBF904319026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{130DCA9F-6CD9-43B6-BBB5-380AA1559F2B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{151400EF-880F-4145-BE99-A4B6BC2F03F9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{190F8718-B142-4B64-BD4F-632E15092BB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26895B5C-F078-4084-9AFA-BD72E3F77877}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{27D0E4A2-D48C-44CF-A2CD-0CB33FFCDB2E}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe |
"{2B2F120A-377C-4631-86D8-4F2A839C2DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe |
"{31D4B4D4-C8F6-4D96-B4D6-65334B7CA5F9}" = dir=in | name=skype |
"{358A7D06-19C1-482F-85D1-273A20914171}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{39A8B52E-490F-4891-8ED2-39EEA1DA402B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe |
"{3DD2043C-C395-4190-A040-B4C3A0C8DDC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FEC0181-2914-43E4-8EC4-1213209B9A04}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{401200CB-4F2B-4EED-8A16-836EC9EBC82D}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4764B5A8-6690-439A-A559-050416EC07E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4E18FD5E-9AF5-4017-8A27-3EED3FED8869}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{58E2DF6B-58E4-49F0-B911-3A8F9FDB99A8}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{5C4EE47D-3055-404C-AA32-FCB551073CF9}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\helper.exe |
"{5D75D50C-204A-485B-821D-B3F0DDE5CB4B}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe |
"{5EDF11D1-CFA8-49D9-8253-A9B3FEB931A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{60EA1ECB-D518-4800-A69B-7EEFF986D146}" = protocol=58 | dir=in |
[email protected],-28545 |
"{6233EDDC-6774-4307-BCDA-F642F270B3C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6807EED9-1293-463B-9926-10324A6582A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E9DE8EA-2C0D-4C9F-8C3C-3A26D9843E09}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvdplatinum 2012\123copydvdplatinum.exe |
"{706FAE1B-15EE-47BC-B408-7479D3245BE7}" = protocol=17 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe |
"{7224A9F7-DE18-4601-85A0-042E67312808}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{73027832-3D77-43B7-A763-94F070216B73}" = protocol=1 | dir=out |
[email protected],-28544 |
"{73D71DBB-0702-4916-B1DB-34EC6B86EA9F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7FE62C8C-79C5-41C7-88A6-88DAD6CF397A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8072AFB7-6465-4ECE-9DD5-D0B69F41D2C8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80E6FF79-5B10-4C98-8339-C1CBD3DC57F4}" = protocol=6 | dir=out | app=system |
"{82A83F68-8741-4FF1-B7D0-CB33337E860C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{84E57BE4-1AF1-4DCF-98F0-DD0C412908C5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{85AF647F-8F07-4D1C-9514-84F3BE521466}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{93D87E74-8DF5-4258-AF0C-ADF29BBF752C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{93F665FB-0A09-4EB3-A8BE-2C55587A5DB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{94C663AF-0416-4D4A-BF6C-6B5A792B5DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\smc.exe |
"{96AB4054-8154-4619-87B7-4323EBE37870}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{96AB7489-F7A0-4CBE-A565-097BDB2C1EA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{974643CA-469F-40C0-A8E2-7B721A3D201C}" = protocol=6 | dir=in | app=c:\users\ornery\appdata\roaming\dropbox\bin\dropbox.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A0D716BD-7522-4450-A1E4-03EF07AADD21}" = dir=out | name=skype |
"{A35151F0-41BA-4AD7-B764-ADF9B5209D0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACCA4D46-F63E-43C1-B2FC-FC5834C17753}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B21DACE4-0933-4ABB-8F32-1901CEE67046}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{B381A568-E83F-4123-A68B-6D33A64041A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B8C68FE3-653F-45C8-AEF8-0B631E839AE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe |
"{BA85BB3C-32AD-4608-B4D5-22A2804EABA2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{BBDBC13D-4E6B-47DB-BF75-A998987BA77D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{BD5E9F7F-4108-417C-BC48-60BE68DD026B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{BD8C0BA9-D131-4BFC-B2B8-D1778BDD643C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C53476E4-7001-46B1-A815-4ECEED366992}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{CB09630B-1AA0-4B29-BAAE-AC661B98D769}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\12.1.4013.4013.105\bin64\snac64.exe |
"{D2FE1F66-3B6E-46E8-B74D-7D157E474DE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DB2F54A1-7EDC-40ED-BE69-5EDD2D015098}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{DB39683E-7C80-43F6-80D6-A736578DE2F1}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB5A6A2A-50CF-4EF1-B36F-0B2A1309706C}" = protocol=58 | dir=out |
[email protected],-28546 |
"{E49FDBED-A6CB-42DB-A8A0-992D9B4440D5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{E7A8E90A-1AB1-4FC1-9FB8-54B27CB1E39D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{EBEB7E81-F8B4-4F8F-A247-BB1CACD045E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED4F80E5-7110-4DC2-BC94-A5EB4FD7024A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE07A576-C28A-4130-B6AA-A4AA751455BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F5AA858D-0155-46A2-82FF-BE38AD91B22A}" = protocol=1 | dir=in |
[email protected],-28543 |
"{F5FAA0B1-39A1-4415-9817-82752A8A905C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6F26F2D-3CAE-4577-967B-8E83FB72C6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F827B975-8282-4310-97FC-B05EB23514C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F92385BB-62DC-4DA2-AC07-84767FAE85D9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{FEF29FB5-01E3-4659-B5B4-344F9629565F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{26A24AE4-039D-4CA4-87B4-2F06417067FF}" = Java 7 Update 67 (64-bit)
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.30
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}" = WD My Cloud
"{49C2B7C1-A4E7-4770-8E30-255795AD4712}" = HP Officejet Pro 8500 A909 Series
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.1
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}" = WinPatrol
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B53661DC-CD94-4B14-B15F-D9DDCFF72558}" = Symantec Endpoint Protection
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Speccy" = Speccy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1" = AOMEI Partition Assistant Pro Edition 5.6
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0c8ebb00-4909-459c-8347-b2068b7f0319}" = OEM Share Pack
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.20
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{278D58D4-2B08-4ABF-957C-F0A2F8A1FBB7}_is1" = WonderFox DVD Video Converter version 7.0
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor 2
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3CE42A9D-F659-4FF0-87EB-A14699AB2D1C}_is1" = Video to Picture version 5.0
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCA6934-2AE3-4ACA-9931-A6D38A3EDB13}" = BPDSoftware
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714549D0-C470-4757-B10C-FB932F3C98D0}}_is1" = Aneesoft Flash Gallery Classic
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8689A64A-60C9-B821-EF82-89C8D3A12B91}" = VUDU To Go
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup 2.6
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1" = Ashampoo Snap 7 v.7.0.10
"{CCE2DCFE-4A89-4BC0-B3EF-6A3F8E30A2D6}" = CyberLink OEM Share Pack 2
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CF0228E9-A5A7-4703-A0A5-F5E3532937B4}" = ProductContext
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1" = Video Rotator V1.0.9
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC125E14-4162-49BE-8BE9-AA4E2D6A9BE9}" = 8500A909a
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"123CopyDVDPlatinum 2012" = 123CopyDVDPlatinum
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced Renamer_is1" = Advanced Renamer
"Audacity_is1" = Audacity 2.0.6
"AviSynth" = AviSynth 2.5
"BackRex Outlook Backup Demo" = BackRex Outlook Backup Demo
"com.vudu.air.Downloader" = VUDU To Go
"Cook'n" = Cook'n
"Cool Record Edit Pro_is1" = Cool Record Edit Pro v8.8.3
"EaseUS Partition Master Trial Edition_is1" = EaseUS Partition Master 10.1 Trial Edition
"Glary Utilities 5" = Glary Utilities PRO 5.14
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"LeaderTask_is1" = LeaderTask 9.0
"MagniDriver" = marvell 91xx driver
"MakeMKV" = MakeMKV v1.9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 34.0 (x86 en-US)" = Mozilla Firefox 34.0 (x86 en-US)
"Mozilla Thunderbird 31.3.0 (x86 en-US)" = Mozilla Thunderbird 31.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"Office14.SingleImage" = Microsoft Office Professional 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"TeamViewer" = TeamViewer 10
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player
"Wise Care 365_is1" = Wise Care 365 3.34
"WUCCCApp" = Catalyst Control Center
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = f.lux
========== Last 20 Event Log Errors ==========
[ Symantec Endpoint Protection Client Events ]
Error - 9/5/14 11:48:24 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: D:\IMPORTANT BACKUPS\ANGLER\Retrospect
Copies\Backup of Local Disk ©\Program Files\support.com\client\bin\ResetTMID.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 9/19/14 3:07:38 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Suspicious.MH690 in File: E:\ANGLER\Retrospect
Copies\Backup of Local Disk ©\Program Files\support.com\client\bin\ResetTMID.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 11/10/14 11:41:22 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: d:\important backups\snoopyii
install0n 1172012\software\winzip170.exe by: Manual scan. Action: Quarantine succeeded.
Action Description: The file was quarantined successfully.
Error - 11/10/14 8:33:02 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: j:\users\ornery\downloads\malware
toolkit\combofix.exe by: Manual scan. Action: Quarantine succeeded. Action Description:
The file was quarantined successfully.
Error - 11/14/14 6:13:14 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: S:\BERTA\Berta\Downloads\libreoffice_d154772.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
Error - 11/14/14 6:13:40 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!RegCleanPro in File: S:\BERTA\Berta\Downloads\rcpafterdownloadcm_ad_13375_cm4.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
Error - 11/14/14 6:41:32 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.ADH.2 in File: F:\BERTA\DOWNLOADS\libreoffice_d154772.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
Error - 11/14/14 6:41:55 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!RegCleanPro in File: F:\BERTA\DOWNLOADS\rcpsetup_r.exe
by: Auto-Protect scan. Action: Quarantine failed : Access denied. Action Description:
The file was left unchanged.
Error - 11/24/14 10:13:15 PM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!WS.Reputation.1 in File: c:\users\ornery\downloads\chrome_updater.exe
by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
file was quarantined successfully.
Error - 12/7/14 3:31:43 AM | Computer Name = SNOOPYII | Source = Symantec Endpoint Protection Client | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: H:\MALWARE TOOLKIT\ComboFix.exe
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.
[ System Events ]
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
Error - 12/19/14 5:02:09 AM | Computer Name = SNOOPYII | Source = DCOM | ID = 10005
Description =
< End of report >
Thanking you in advance for the effort and time it takes to review and assist in removing malware infections. Your help in identifying and removing this searchscope nuisance is sincerely appreciated!