Hello,
It has been a very long time since I used this website for assistance, but I do recall that when I did, you guys were very helpful! I want to thank you for that. I had to give up my computer to my girlfriend due to hers running very poorly. So I am trying to use it and can hardly work with it. It responds slowly sometimes. It seems to work semi-OK right after restarts; however, as time goes on it acts up. The mouse gets very choppy and sometimes unresponsive. I know she has run a bunch of programs to remove a lot of junk, like Crap Cleaner and "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe". I am not sure what else has been run. I do know there have been a bunch of items quarantined. Also, on this computer she has used bit torrent sites for years and seems to be OK with using them (until lately). I have run the scan that you requested and here it is. Again, thank you for your help in the past, and I hope you can help me with this! There were also Extras, so I posted that below the OTL.
OTL logfile created on: 12/17/2014 12:13:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristen White\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.24% Memory free
7.95 Gb Paging File | 5.45 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 107.19 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: KRISTEN | User Name: Kristen White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/17 00:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristen White\Downloads\OTL.exe
PRC - [2014/12/15 17:09:58 | 001,381,208 | ---- | M] (BitTorrent Inc.) -- C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/13 12:31:40 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/09 21:04:06 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/03/14 06:05:10 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\postgres.exe
PRC - [2011/03/14 06:05:10 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe
PRC - [2011/03/14 06:04:38 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\jre\bin\java.exe
PRC - [2011/03/14 06:04:34 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe
PRC - [2010/12/02 04:30:36 | 000,626,688 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/17 18:36:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 20:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
========== Modules (No Company Name) ==========
MOD - [2014/10/09 21:04:02 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
MOD - [2014/10/09 21:03:53 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/12/02 04:30:36 | 000,626,688 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/01 09:30:06 | 000,508,464 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012/04/30 18:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2011/10/24 17:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 16:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/04/14 19:57:28 | 000,251,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/09 18:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2008/03/18 14:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/13 21:42:31 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/23 19:31:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/01 09:30:06 | 000,508,464 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/03/14 06:05:10 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\postgresql\engine\bin\pg_ctl.exe -- (SyncThru Admin 5 Database)
SRV - [2011/03/14 06:04:34 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Admin 5\syncthru5.exe -- (SyncThru Admin 5)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/01/28 14:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/24 18:52:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/16 20:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/12/16 23:48:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:18 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/10/31 14:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2010/06/23 08:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/10/27 00:58:53 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009/10/24 00:52:12 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2009/10/22 20:44:20 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/08/19 16:49:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/23 15:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/18 12:20:08 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/03 14:14:24 | 008,040,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/01/27 21:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/30 18:52:32 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2008/11/17 09:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/09/22 08:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/03/21 14:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV - [2009/10/22 22:28:12 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E9AA86C9-F4E7-4D81-BA92-AF201D81EDDA}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.4
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/12/14 21:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/24 20:05:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/24 20:05:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/12/14 21:29:35 | 000,000,000 | ---D | M]
[2009/06/27 21:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Extensions
[2014/12/12 21:15:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions
[2012/10/14 16:29:49 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/07/01 12:29:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/13 21:31:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2014/12/12 19:36:07 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2014/11/26 16:46:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/14 21:02:57 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2012/02/13 21:36:51 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2011/05/17 21:48:17 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Users\Kristen White\AppData\Roaming\mozilla\Firefox\Profiles\vzb6qhcv.default\extensions\[email protected]
[2013/02/21 22:37:40 | 000,119,925 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\[email protected]
[2014/12/12 19:36:04 | 000,730,412 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2014/11/26 16:46:20 | 000,392,877 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/11/26 16:46:20 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/26 09:30:48 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/12/03 16:35:52 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/01/02 11:15:30 | 000,001,919 | ---- | M] () -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\searchplugins\bing-zugo.xml
[2010/02/19 10:45:10 | 000,009,977 | ---- | M] () -- C:\Users\Kristen White\AppData\Roaming\mozilla\firefox\profiles\vzb6qhcv.default\searchplugins\mywebsearch.xml
[2014/03/24 20:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/26 16:41:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/06 12:25:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/06 12:25:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Kristen White\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kristen White\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kristen White\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Kristen White\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Kristen White\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Users\Kristen White\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_5DFC549E6620A000F91C82F3D4A8D03C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Search - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8:64bit: - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8:64bit: - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cmf.org ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cmf.org ([remote] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F438E491-54FC-49BC-B94C-01F288683755}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F438E491-54FC-49BC-B94C-01F288683755}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Kristen White\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kristen White\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34fee7bb-d0b3-11e2-af0f-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{34fee7bb-d0b3-11e2-af0f-001e33ca2ded}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{4bab3c51-34ef-11e0-ac4a-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{4bab3c51-34ef-11e0-ac4a-001e33ca2ded}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{4bab3e3a-34ef-11e0-ac4a-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{4bab3e3a-34ef-11e0-ac4a-001e33ca2ded}\Shell\AutoRun\command - "" = E:\DTSP_Launcher.exe
O33 - MountPoints2\{6c1dd31f-7250-11e2-aca5-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{6c1dd31f-7250-11e2-aca5-001e33ca2ded}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{7132c698-2aca-11e3-9bd7-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{7132c698-2aca-11e3-9bd7-001e33ca2ded}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{83f46eb0-0996-11e4-aa76-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{83f46eb0-0996-11e4-aa76-001e33ca2ded}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{c518dfd9-679f-11e4-95be-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{c518dfd9-679f-11e4-95be-001e33ca2ded}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e3598b32-168b-11e0-9922-001e33ca2ded}\Shell - "" = AutoRun
O33 - MountPoints2\{e3598b32-168b-11e0-9922-001e33ca2ded}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/12 19:39:12 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/12 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/12 19:35:47 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/12 19:35:47 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/12 19:35:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/12 19:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/12 19:33:15 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/12 19:30:49 | 020,447,072 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe.part
[2014/11/26 15:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/26 15:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2012/09/05 05:30:04 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2009/10/22 20:44:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Kristen White\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/12/16 23:48:28 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/16 23:42:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/16 23:42:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 23:42:42 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/16 23:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/16 23:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/16 23:23:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000UA.job
[2014/12/16 21:23:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-232412378-3118420049-1387226345-1000Core.job
[2014/12/16 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2014/12/13 18:53:17 | 000,151,250 | ---- | M] () -- C:\Users\Kristen White\Desktop\xmass2014.jpg
[2014/12/12 19:35:58 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/12 19:33:41 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe
[2014/12/12 19:30:53 | 020,447,072 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristen White\Desktop\mbam-setup-2.0.4.1028.exe.part
[2014/11/26 16:41:55 | 000,000,883 | ---- | M] () -- C:\Users\Kristen White\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/11/26 16:41:51 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/22 14:50:49 | 000,759,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/22 14:50:49 | 000,642,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/22 14:50:49 | 000,120,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 06:14:18 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/12/13 18:53:12 | 000,151,250 | ---- | C] () -- C:\Users\Kristen White\Desktop\xmass2014.jpg
[2014/12/12 19:35:58 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/26 16:41:51 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/15 06:45:16 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2014/01/26 12:15:53 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/12/14 21:18:22 | 000,208,277 | ---- | C] () -- C:\Windows\hpoins40.dat
[2013/12/14 21:18:22 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2013/09/09 21:35:04 | 000,000,081 | ---- | C] () -- C:\Users\Kristen White\CTX.DAT
[2013/09/06 10:51:29 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2013/07/01 09:13:08 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ssdevm.dll
[2011/10/06 16:14:29 | 000,002,560 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\wklnhst.dat
[2011/06/09 16:20:34 | 000,012,498 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\SmarThruOptions.xml
[2011/04/18 20:05:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\Spooler opens temp file
[2011/03/19 15:24:32 | 000,004,096 | -H-- | C] () -- C:\Users\Kristen White\AppData\Local\keyfile3.drm
[2011/01/18 23:26:35 | 000,005,652 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\91E0.3B7
[2011/01/12 23:06:09 | 000,000,002 | -HS- | C] () -- C:\Users\Kristen White\AppData\Roaming\.zreglib
[2011/01/12 23:04:33 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/02 11:22:00 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/12/24 16:20:37 | 001,063,763 | ---- | C] () -- C:\Users\Kristen White\Hunter and Santa 2010.jpg
[2010/07/22 20:47:11 | 000,024,226 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\UserTile.png
[2010/06/09 20:04:01 | 000,012,978 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\Tab Separated Values (Windows).CAL
[2010/06/09 19:40:06 | 000,012,980 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/02/13 23:13:00 | 000,000,036 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\lZJoYI4Nl0eqQ3j+wCKUIry3uRhdqX5UaAaHS9bsjLeHjA==.trl
[2010/01/14 23:48:38 | 000,054,093 | ---- | C] () -- C:\Program Files (x86)\EULA.eng
[2009/11/04 17:19:56 | 000,000,732 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\d3d9caps64.dat
[2009/10/22 20:44:20 | 000,099,384 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\inst.exe
[2009/10/22 20:44:20 | 000,007,859 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\pcouffin.cat
[2009/10/22 20:44:20 | 000,001,167 | ---- | C] () -- C:\Users\Kristen White\AppData\Roaming\pcouffin.inf
[2009/10/04 07:18:18 | 000,156,672 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 21:30:25 | 000,006,080 | ---- | C] () -- C:\Users\Kristen White\AppData\Local\d3d9caps.dat
[2009/06/27 21:12:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/04/11 02:11:24 | 012,897,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2010/03/21 17:03:22 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Audio Recorder Titanium
[2011/01/12 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\AviDvdBurner
[2014/12/17 00:25:04 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\BitTorrent
[2011/06/06 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Catalina Marketing Corp
[2014/01/21 12:37:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/15 16:19:05 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\com.vespertinesoft.PatternFile
[2010/05/13 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Downloaded Installations
[2013/01/05 19:59:30 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Dropbox
[2010/05/10 19:56:05 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\FileOpen
[2011/05/20 17:09:31 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\GetRightToGo
[2009/11/22 14:25:00 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Leadertech
[2011/12/30 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Leawo
[2012/10/16 08:23:26 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Motorola
[2011/04/18 22:59:15 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Nugent7e
[2013/07/16 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Oracle
[2010/02/09 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\pdf995
[2010/07/22 20:47:11 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\PeerNetworking
[2010/02/21 19:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\PowerCinema
[2010/02/21 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SharePod
[2010/10/10 21:57:19 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SmartDVDCreatorPro
[2013/04/24 22:56:42 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\SystemRequirementsLab
[2013/05/27 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\TaxCut
[2013/04/24 21:21:46 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Template
[2011/12/30 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\tiger-k
[2009/06/26 21:07:21 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\TOSHIBA
[2009/09/18 13:22:10 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Ulead Systems
[2011/01/21 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Vso
[2010/02/28 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\VTExtra
[2012/08/12 10:03:18 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WinAVI
[2009/06/26 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WinBatch
[2011/01/08 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\WindSolutions
[2013/01/06 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Kristen White\AppData\Roaming\Xilisoft
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 7460708 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax00002B300001
@Alternate Data Stream - 7460708 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax0000143C0001
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax000016CC0001
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax00000CF00002
@Alternate Data Stream - 3730356 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax000009580001
@Alternate Data Stream - 11191060 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax000015400001
@Alternate Data Stream - 11191060 bytes -> C:\ProgramData\Spooler opens temp file:SamPCFax00000AFC0002
< End of report >
EXTRAS
OTL Extras logfile created on: 12/17/2014 12:13:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristen White\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.24% Memory free
7.95 Gb Paging File | 5.45 Gb Available in Paging File | 68.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.38 Gb Total Space | 107.19 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: KRISTEN | User Name: Kristen White | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 55 52 C9 02 10 7A CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04208BA6-B4AE-42FC-B66E-05981D4566BD}" = lport=427 | protocol=17 | dir=in | name=hp printer |
"{1E32D0B9-D874-4644-97A8-6DD97119143B}" = lport=53338 | protocol=6 | dir=in | name=akamai netsession interface |
"{3175BC5D-303F-4707-998F-23457D5880BF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{356A448D-0954-49B3-9386-B8CF802F5E38}" = rport=138 | protocol=17 | dir=out | app=system |
"{3629B105-41CA-454C-A970-E02999CA4157}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{38652EBD-5C58-4912-82F5-C0D39F714EF0}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{386FE4B7-2435-4524-9DE3-8AB198081F1F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E834E6C-0F76-4AB1-BEE9-9D46BA3D53F5}" = rport=137 | protocol=17 | dir=out | app=system |
"{400812F5-568C-4734-B307-728945CE880F}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{4ACC2533-A61F-4BD2-AC59-05BAD15EA8B1}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{4BCB0644-0497-4A0D-A628-16F13517810C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4D37FBAD-3B54-499D-A4E1-0F80D966BFB4}" = rport=445 | protocol=6 | dir=out | app=system |
"{4ED6A17A-4B48-43B3-81D3-8775FF2D9F6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{4F20AD64-AE89-427F-9EAB-6CB17FC2A168}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{52A03311-236F-4B85-AA8A-3383C535378D}" = lport=445 | protocol=6 | dir=in | app=system |
"{568AEC8B-C898-4305-B45D-C6A3E849A59D}" = lport=1701 | protocol=17 | dir=in | app=system |
"{5C5396ED-4AF7-4FFC-A027-A7C89768E92A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{632B0D58-3CDA-4B52-BF3F-8008AB339CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{633E17BB-DE40-4791-BC9B-3F34C8EB7EE2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{674E7711-8CCC-4BF8-8E98-0A93569FA834}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{6A1D39FE-9BA2-4ABB-8CF1-F9A42AFCB15B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6B7221A7-E47E-40C3-803B-FAA1342B3124}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{722198FF-A01D-45C0-B8A8-35B9A8F0ACF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7734370E-4C2E-45A5-9548-3EC2C8EB403E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7A6A8A40-1F28-426A-8943-9B159689A738}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7AA11027-3630-4388-A0EC-7EC9D781D9AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D170649-02FF-45AA-9138-F2ECC78B98FA}" = rport=1701 | protocol=17 | dir=out | app=system |
"{85A7547A-872D-4514-8029-78575FCDFD00}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{868918DB-8A7C-4937-86BD-D5FB132FA3E2}" = lport=49332 | protocol=6 | dir=in | name=akamai netsession interface |
"{8838E033-908E-4D4D-A389-0EEF62619E96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{88BF281A-C4DA-4C91-80DE-8B89111E911B}" = rport=139 | protocol=6 | dir=out | app=system |
"{8C3B76CE-4714-4878-805F-8D92A68558CA}" = lport=1723 | protocol=6 | dir=in | app=system |
"{8EB9D07E-E236-40DE-857A-5A4F53245F2B}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{91A3B1E5-B330-459E-85A7-D0AE579575DE}" = rport=1723 | protocol=6 | dir=out | app=system |
"{971C0E0D-AB56-4B9E-9A68-D60AA73B4744}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{9D36679F-BA96-4AD4-86A9-529144FC4DAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A10E0269-2C27-41FD-BDE0-5E47FB9DC84C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B22250F1-4BA9-4C95-91FC-876D0BDDB61A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B8463E2C-211B-4B29-9470-04100B5117D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB156C81-4B5A-47BB-AD14-1EB6338B1B8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{BBCE9493-488E-4C9C-ADD5-9310944C85BA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{BF2287F0-AF0C-46EF-B431-0B924216EF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C142071C-7637-463C-8ABB-D6D165DC4F04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D5E9E037-ADB0-4108-817A-ADCC76E2D44D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB2888DD-8F39-449D-8ABA-426A28B54529}" = lport=139 | protocol=6 | dir=in | app=system |
"{E6416DFA-D099-48D2-9397-7474A0C6541B}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{EA56118B-09DD-47CE-91DC-272171E9D4DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{ECC7C4F7-D471-4B9B-892D-30979D61E4A3}" = lport=5985 | protocol=6 | dir=in | app=system |
"{EDC42144-3438-42DA-A6B1-B533CBC7DC97}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE6A1F35-17F2-4199-B432-E32928425CFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F2812F56-C4F6-450D-9287-88E4F791E126}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{F60E529F-BEF2-443B-B890-510A65919AFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{F84CE5B0-63EB-4A0B-B88B-89E85988C4CD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{FA9AFB0B-98DE-46F1-B9A8-8D93E2DF0D56}" = lport=80 | protocol=6 | dir=in | name=windows remote management - compatibility mode (http-in) |
"{FDAC5901-1DA6-4213-A788-7D4ADAF96CAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E37A94-AFD0-420C-BF93-FD3601E2A294}" = protocol=58 | dir=out |
[email protected],-28546 |
"{02293F46-0405-4525-A84D-C5FDB9DF84AB}" = dir=in | app=c:\program files (x86)\samsung network printer utilities\syncthru admin 5\jre\bin\java.exe |
"{03C5C30C-0571-423F-BDD3-FF75108385A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{065A9766-E797-4209-94D7-E98FFBBAA9EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0731B3A7-44EF-4F33-B6A5-647F82C3C1B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{0AF5CE5A-C28E-47BB-B8A0-3F271580C252}" = protocol=6 | dir=in | app=c:\users\kristen white\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1337544A-6A01-4E8F-89A5-CFA29DF788D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1400A0F0-F57A-4572-9B71-BDDBB56F1006}" = protocol=6 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{19084B58-88AF-405B-A482-5AE48C2E3234}" = protocol=17 | dir=in | app=c:\program files\toshiba\utilities\tacsprop.exe |
"{1A02D5DC-6EB3-4E15-82E2-3B52D2FCB6A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1D1254D5-9C93-463D-AEB7-52F73D3CB1DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2A24BFE4-D82F-4FF5-9E99-A3767AC1AFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CB3611A-1E01-410A-B090-FC2D38E20D8A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2E830948-2BC9-4BE0-ACD6-247E5857D8F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3701C7DB-AEA0-491B-A8D4-8395267327B6}" = dir=in | app=c:\users\kristen white\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3736759E-88AE-47AE-9E9F-DB7433AE6B75}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\sscan2io.exe |
"{374366E0-42DE-4502-9F3C-60EA93F6D784}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{37B7BC0D-FC49-4630-A366-986E5128877E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3D005340-9C8B-4356-9448-58017BE56EC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{43A7B96A-096C-445C-8C4A-2959C56DE321}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{455FAD3C-DEB4-47A2-ADC6-787EB4541969}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\sscan2io.exe |
"{47E369D2-D968-497C-991A-33643EB82755}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{49671804-19D6-40E3-8970-EFBBCE143DFD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{49ABBEAF-1E65-434F-B390-98658A10A67D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{4A84477D-3A97-4AFB-AD6D-B9CE1BC229AD}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\scan2pc.exe |
"{5754E289-73E3-4CE7-BD13-34B7967D5753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{60630A19-BBA7-46A1-B9F7-FB3A51B010F4}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{632861E2-7BC6-4B66-9524-3AF041265DD5}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4623w\scan2pc.exe |
"{66BE8052-5036-44EC-ACBD-B87617B4A1B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{69F03470-36E6-42CA-89B3-CCBE3C47771C}" = protocol=17 | dir=in | app=c:\users\kristen white\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{73C7BFDE-D998-422B-938B-4060530DC3FB}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{7F60903C-4DBF-49DC-A5F2-E4399C58A36B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{8490BA8A-5BB2-4CFD-B02A-011A5B1134E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8557A27E-171E-4CEF-B85A-555F3715B553}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8FED605D-D91B-45D5-AA38-B7CD494E4015}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{93074673-EF6E-4FC8-AB03-47523ED15F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{990B2156-8B9D-4492-9E61-DD03E6B2E7D6}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{A01357B0-79A4-4C58-9798-9A038C798235}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{A05A474D-FD17-4EF4-8887-FFC76F6B465E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A185C8DE-CD36-42EA-B0A4-B1BB9D0F5290}" = protocol=1 | dir=in |
[email protected],-28543 |
"{A419AACB-3AEE-4164-9404-40B3D6610032}" = dir=in | app=d:\setup\hpznui40.exe |
"{A5DF3681-CF91-4D2B-A03B-0D8672FFA1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AD4DF4E5-BE1B-4112-87D2-793FC3610690}" = protocol=17 | dir=in | app=c:\users\kristen white\appdata\roaming\bittorrent\bittorrent.exe |
"{B91F6345-358F-4F0E-A165-4C9CD46BCBB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{C0665B97-2DC3-4F4C-83E9-657919C7A35A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C6416FAC-DF71-4A29-A0F8-EC7AE5389FE3}" = protocol=1 | dir=out |
[email protected],-28544 |
"{C7B4B8BC-9FA7-49E0-8930-9ABEAF0D3673}" = protocol=6 | dir=in | app=c:\users\kristen white\appdata\roaming\bittorrent\bittorrent.exe |
"{D6C94E38-455C-4FAD-9726-279F3782C652}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DCFABA6B-A01A-4442-B5F9-F4283DFB1317}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{E78EC6CE-A466-4C0D-817A-3B95B04D1063}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{F1E92206-AEED-4827-8411-F997E371AA4E}" = protocol=58 | dir=in |
[email protected],-28545 |
"{F6978C44-A93D-4015-B5F1-1D333BD86CF7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FB5D9481-7079-4463-971F-38E0C8358C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FBEF20D1-E0B8-450D-9240-1438A094E0BF}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"TCP Query User{0ABFD8C0-ECBD-4D91-A92F-15A85549174D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{3F15B9DD-8DF1-4F60-9BC2-106550D1FA56}C:\program files\verizon cloud\verizon.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon.exe |
"TCP Query User{5CE86F5F-7A63-4C6E-9BD4-3266CAF65DBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{9EB4FE0F-D42E-41A8-A318-5A9863867CDA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A29427EA-9C48-46ED-BA20-E720569D5365}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=6 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"TCP Query User{E77D1123-800E-4506-841F-34F2936C4487}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{F41A99BC-5899-4180-A4CA-F1D71AF25AAD}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{712727F8-0526-4E2C-8639-D642FBA51DE8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{7B86DCAE-F843-40EC-9132-ECE41CCC649E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{8A2A299D-1408-491C-8A3A-6FC74957F48A}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{8BF88F2A-217A-4E1E-AAB3-A07B64D36C4D}C:\program files\verizon cloud\verizon cloud service.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon cloud service.exe |
"UDP Query User{E2A955EF-44F7-4F26-8E2F-3D98CAB3CDFE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{E98CBC45-1330-4EB6-90D2-D71BEA041EFC}C:\program files\verizon cloud\verizon.exe" = protocol=17 | dir=in | app=c:\program files\verizon cloud\verizon.exe |
"UDP Query User{FE2262C7-006C-440E-B9FE-66C706DD4CA2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}" = FileOpen Client (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8005A7B-9638-41DD-B83B-AF277754E211}" = Intel® PROSet/Wireless WiFi Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}" = iCloud
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2F7EAE2-43B8-B331-73C2-7768F727BB11}" = PatternFile
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.vespertinesoft.PatternFile" = PatternFile
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Samsung SCX-4623FW Series" = Maintenance Samsung SCX-4623FW Series
"Verizon Cloud" = Verizon Cloud
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"CopyTrans Suite" = CopyTrans Suite Remove Only
"MusicManager" = Music Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/16/2014 8:19:08 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:19:08 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:19:09 PM | Computer Name = Kristen | Source = PostgreSQL | ID = 0
Description =
Error - 12/16/2014 8:24:10 PM | Computer Name = Kristen | Source = WinMgmt | ID = 10
Description =
Error - 12/16/2014 8:31:07 PM | Computer Name = Kristen | Source = MsiInstaller | ID = 11921
Description =
Error - 12/17/2014 12:44:15 AM | Computer Name = Kristen | Source = WinMgmt | ID = 10
Description =
Error - 12/17/2014 12:52:32 AM | Computer Name = Kristen | Source = MsiInstaller | ID = 11921
Description =
[ Media Center Events ]
Error - 12/21/2011 5:04:21 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4676.1128)
Error - 12/21/2011 5:04:21 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4676.1129)
Error - 12/21/2011 5:04:27 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4676.1128)
Error - 12/21/2011 5:04:27 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4676.1129)
Error - 12/21/2011 6:04:32 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (8372.1128)
Error - 12/21/2011 6:04:32 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (8372.1129)
Error - 12/21/2011 6:04:37 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (8372.1128)
Error - 12/21/2011 6:04:37 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (8372.1129)
Error - 12/24/2011 10:50:25 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (7932.1128)
Error - 12/24/2011 10:50:25 AM | Computer Name = Kristen | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (7932.1129)
[ OSession Events ]
Error - 12/19/2012 5:45:58 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 179
seconds with 120 seconds of active time. This session ended with a crash.
Error - 12/19/2012 6:13:43 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1252
seconds with 180 seconds of active time. This session ended with a crash.
Error - 12/19/2012 6:59:49 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2757
seconds with 60 seconds of active time. This session ended with a crash.
Error - 3/15/2013 4:18:05 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4229
seconds with 1500 seconds of active time. This session ended with a crash.
Error - 4/2/2013 11:48:24 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5482
seconds with 3540 seconds of active time. This session ended with a crash.
Error - 6/29/2013 1:16:49 AM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/24/2013 10:01:29 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 263
seconds with 180 seconds of active time. This session ended with a crash.
Error - 2/11/2014 9:45:45 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8342
seconds with 420 seconds of active time. This session ended with a crash.
Error - 2/16/2014 4:38:46 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 999
seconds with 240 seconds of active time. This session ended with a crash.
Error - 2/24/2014 9:19:09 PM | Computer Name = Kristen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 407
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7009
Description =
Error - 10/16/2009 7:13:44 PM | Computer Name = Kristen-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 10/16/2009 7:22:12 PM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description =
Error - 10/17/2009 12:24:29 AM | Computer Name = Kristen-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:04:39 AM on 10/17/2009 was unexpected.
Error - 10/17/2009 12:24:31 AM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description =
Error - 10/19/2009 3:17:27 AM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description =
Error - 10/19/2009 4:46:06 PM | Computer Name = Kristen-Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.80 for the Network Card with network
address 0022FAE755C8 has been denied by the DHCP server 172.21.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/19/2009 10:26:47 PM | Computer Name = Kristen-Laptop | Source = Dhcp | ID = 1002
Description = The IP address lease 172.21.235.221 for the Network Card with network
address 0022FAE755C8 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
Error - 10/21/2009 7:08:51 PM | Computer Name = Kristen-Laptop | Source = HTTP | ID = 15016
Description =
< End of report >