Removing bizcoaching pop-up

Status
Not open for further replies.
Good, more garbage removed, I will be back on line in a few hours so take your time. So far nothing really malicious that I could see, just a bunch of garbage

Lived in Winter Park Florida for many years :)
 
Correct OTL file with your boxes checked...

OTL logfile created on: 7/27/2013 11:44:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hebert\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 53.23% Memory free
9.13 Gb Paging File | 5.18 Gb Available in Paging File | 56.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.55 Gb Total Space | 803.62 Gb Free Space | 88.35% Space Free | Partition Type: NTFS
Drive D: | 20.49 Gb Total Space | 2.53 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
Drive K: | 149.04 Gb Total Space | 102.86 Gb Free Space | 69.02% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Hebert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hebert\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\baf7ee27e655e5fac217c4d2957a17eb\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\69a399f4391ac030822eec29359156b1\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7c997aecab8a83df524e081283d66bc6\System.ServiceModel.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\de1d908e04221344949ab6da55aa4aba\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a78b71db2984a6ec1cf110e4118603f3\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\ea416bc5d73e3b06a0f428c74a32337d\System.Xml.Linq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\05b44a1e63e3783b11917d612cf75d5f\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cae4b27345e2bab9e11b8c9c8ca3fe83\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\b6fd410545458d0160528c1b03e88776\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\63c905a4148011c72921a8b986ab8526\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\b870ab514ef224fd59cd5c72554152cf\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\a237f503e206d5c091327b2cdd813629\System.Net.Http.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6a84c818148c37e1585c0422cae02fb0\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\f7eb12f973b31390974c3858523fd3cb\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5f9957f3dee5c7bc9f1bef69a923cf9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\178b22f2da7c2497aa67a36f4edf0674\PresentationFramework.Aero2.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\df2f0c372aad4d363f071625a9df28e7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6531f34b3e528a70be121dee8ee129fa\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\2753f437d6e45747bcf7077d338fd8a3\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\9823be5b56f36a3be7905df81b9c3683\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (HPConnectedRemote) -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeActiveFileMonitor10.0) -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\Drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\Drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\Drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\Drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\Drivers\lvbflt64.sys (Logitech Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\Drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\symelam.sys (Symantec Corporation)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\Drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (CpqDfw) -- C:\Windows\SysNative\Drivers\cpqdfw.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\Drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\Drivers\excfs.sys (Diskeeper Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130726.018\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130726.018\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130726.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F91A159C-90EA-41C8-A5EB-AC4EF23EA7B4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\..\SearchScopes\{F91A159C-90EA-41C8-A5EB-AC4EF23EA7B4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/?fr=yfp-t-403
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\SearchScopes,DefaultScope = {D66FBE0F-8710-4B7D-96D7-C7F1E296550D}
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\SearchScopes\{D66FBE0F-8710-4B7D-96D7-C7F1E296550D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013/07/26 23:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2013/01/12 13:41:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\125.xpi


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pool = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: LessTabs = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.2.0_0\
CHR - Extension: Google Search = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Norton Identity Protection = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Hebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Second half of report...

O1 HOSTS File: ([2012/07/26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (SelectionLinks) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [BtTray] c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [CAHeadless] c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2218671483-2505651539-3046418940-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7376FC6E-6DCE-4BB5-A341-CFF13DF9E368}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD2DDF7B-9CC5-4FBA-8AF1-DEC82BACE58C}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/27 11:21:49 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/26 22:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/26 22:25:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/26 22:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/26 21:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/07/26 21:54:40 | 000,000,000 | ---D | C] -- C:\Users\Hebert\AppData\Roaming\Yahoo!
[2013/07/26 21:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/07/26 10:39:11 | 000,000,000 | ---D | C] -- C:\Users\Hebert\Documents\ProcAlyzer Dumps
[2013/07/25 01:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/25 01:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/25 01:31:38 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/07/25 01:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/07/25 01:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Savings
[2013/07/24 11:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/24 11:28:17 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/24 11:28:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/24 11:28:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/24 11:28:15 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/23 00:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs
[2013/07/17 12:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/07/17 12:06:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/07/17 12:06:21 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2013/07/17 12:06:21 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2013/07/17 12:06:20 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/07/17 12:06:20 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2013/07/17 12:06:20 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2013/07/17 12:06:20 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll
[2013/07/17 12:06:19 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll
[2013/07/17 12:06:18 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll
[2013/07/17 12:06:18 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/07/17 12:06:18 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/07/17 12:06:18 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/07/17 12:06:18 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/07/17 12:06:17 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/07/17 12:06:17 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll
[2013/07/17 12:06:17 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscms.dll
[2013/07/17 12:06:17 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/07/17 12:06:17 | 000,213,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\UCX01000.SYS
[2013/07/17 12:06:15 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll
[2013/07/17 12:06:15 | 000,337,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2013/07/17 12:06:15 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceSetupManager.dll
[2013/07/17 12:06:15 | 000,194,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2013/07/17 12:06:15 | 000,125,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2013/07/17 12:06:15 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samlib.dll
[2013/07/17 12:06:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeParserTask.exe
[2013/07/17 12:06:14 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll
[2013/07/17 12:06:14 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys
[2013/07/15 17:58:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll
[2013/07/11 09:43:28 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/07/11 09:43:27 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/11 09:43:27 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/11 09:43:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/11 09:43:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/11 09:43:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/11 09:43:05 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/11 09:42:59 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/11 09:42:53 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/11 09:42:53 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/06 17:25:14 | 000,000,000 | ---D | C] -- C:\Users\Hebert\AppData\Roaming\Oracle
[2013/07/05 20:02:13 | 000,043,680 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SymIMV.sys
[2013/07/04 17:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2013/07/04 17:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel
[2013/07/04 17:52:05 | 000,000,000 | ---D | C] -- C:\Users\Hebert\AppData\Local\The Weather Channel
[2013/06/29 18:12:53 | 000,000,000 | ---D | C] -- C:\windows\Hewlett-Packard
[2013/06/29 10:03:45 | 000,000,000 | ---D | C] -- C:\Users\Hebert\AppData\Local\bluesoleil
[2013/06/29 10:00:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/06/29 09:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Bluetooth Stack
[2013/06/29 09:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ralink Corporation

========== Files - Modified Within 30 Days ==========

[2013/07/27 11:14:04 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/27 10:41:57 | 000,000,346 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForHebert.job
[2013/07/27 10:39:52 | 000,000,983 | ---- | M] () -- C:\windows\SysWow64\bscs.ini
[2013/07/27 10:37:16 | 000,003,619 | ---- | M] () -- C:\windows\SysWow64\LOCALSERVICE.INI
[2013/07/27 10:37:02 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/27 10:36:50 | 000,000,043 | ---- | M] () -- C:\windows\SysWow64\LOCALDEVICE.INI
[2013/07/27 10:36:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/26 23:25:21 | 000,878,438 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/26 23:25:21 | 000,728,036 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/26 23:25:21 | 000,151,362 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/26 23:19:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/26 23:19:26 | 2526,257,151 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 08:04:46 | 000,000,702 | ---- | M] () -- C:\windows\wininit.ini
[2013/07/24 11:28:13 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/07/24 11:28:13 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/07/24 11:28:13 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/24 11:28:13 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/24 11:28:13 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/24 11:28:13 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/17 15:17:37 | 000,002,285 | ---- | M] () -- C:\Users\Hebert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/17 15:17:37 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/17 12:14:43 | 000,000,045 | ---- | M] () -- C:\windows\SysWow64\Configurations.plist.signed
[2013/07/17 12:14:42 | 000,001,735 | ---- | M] () -- C:\windows\SysWow64\UserPref.json
[2013/07/15 22:07:54 | 000,452,648 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/15 17:48:57 | 000,009,728 | ---- | M] () -- C:\Users\Hebert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/09 21:00:48 | 000,001,314 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/06/29 09:58:23 | 000,000,032 | ---- | M] () -- C:\windows\0
[2013/06/27 18:04:51 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/27 18:04:51 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/07/25 08:04:19 | 000,000,702 | ---- | C] () -- C:\windows\wininit.ini
[2013/07/25 01:31:51 | 000,001,397 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/17 12:14:41 | 000,000,045 | ---- | C] () -- C:\windows\SysWow64\Configurations.plist.signed
[2013/07/17 12:14:40 | 000,001,735 | ---- | C] () -- C:\windows\SysWow64\UserPref.json
[2013/07/17 12:06:14 | 000,386,642 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/07/15 22:07:47 | 000,452,648 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/04 17:52:26 | 000,001,314 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/06/29 09:58:24 | 000,003,619 | ---- | C] () -- C:\windows\SysWow64\LOCALSERVICE.INI
[2013/06/29 09:58:24 | 000,000,043 | ---- | C] () -- C:\windows\SysWow64\LOCALDEVICE.INI
[2013/04/29 13:27:41 | 000,227,049 | ---- | C] () -- C:\windows\hpwins14.dat.temp
[2013/04/29 13:27:41 | 000,000,613 | ---- | C] () -- C:\windows\hpwmdl14.dat.temp
[2013/03/22 10:00:08 | 000,000,983 | ---- | C] () -- C:\windows\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\windows\SysWow64\BsProfileFunc.dll
[2013/01/13 11:27:40 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/01/11 20:33:27 | 000,009,728 | ---- | C] () -- C:\Users\Hebert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/11 20:19:45 | 000,226,503 | ---- | C] () -- C:\windows\hpwins14.dat
[2013/01/11 20:19:45 | 000,000,613 | ---- | C] () -- C:\windows\hpwmdl14.dat
[2013/01/11 18:54:32 | 000,000,126 | ---- | C] () -- C:\windows\QUICKEN.INI
[2013/01/11 17:49:03 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\windows\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\windows\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\windows\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\windows\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\windows\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\windows\SysWow64\SCChangeMonitor.dll
[2012/11/28 22:05:55 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/10/26 20:42:24 | 000,336,232 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/10/26 20:42:22 | 010,919,784 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/10/26 20:42:22 | 000,103,272 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2012/08/01 22:08:37 | 000,893,372 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 16:22:54 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2012/07/25 16:22:54 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2012/07/25 16:22:54 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2012/07/05 13:34:18 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/07/05 13:34:18 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/06/13 08:45:02 | 000,008,704 | ---- | C] () -- C:\windows\SysWow64\SROF.dll
[2012/06/04 21:31:00 | 000,000,417 | ---- | C] () -- C:\windows\SysWow64\RaoBLE.ini
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/05/11 17:32:48 | 000,002,528 | ---- | C] () -- C:\windows\FCIC.INI
[2012/04/20 17:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2011/09/13 10:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2012/11/28 22:14:24 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 02:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 01:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/13 14:02:05 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\Garmin
[2013/05/18 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\InstallX, LLC
[2013/07/06 17:25:14 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\Oracle
[2013/01/19 12:20:02 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2013/02/26 00:05:35 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\Serif
[2013/01/11 18:44:28 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\TreeCardGames
[2013/01/24 11:59:56 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\WebApp
[2013/01/12 11:09:48 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\WildTangent
[2013/02/02 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\Hebert\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 965 bytes -> C:\Users\Hebert\Documents\Travelocity Fare Watcher Alert #2.eml:OECustomProperty
@Alternate Data Stream - 965 bytes -> C:\Users\Hebert\Documents\Travelocity Fare Watcher Alert #1.eml:OECustomProperty
@Alternate Data Stream - 945 bytes -> C:\Users\Hebert\Documents\Spoof Mail.eml:OECustomProperty
@Alternate Data Stream - 809 bytes -> C:\Users\Hebert\Documents\help_rr_com Chat Transcript.eml:OECustomProperty
@Alternate Data Stream - 779 bytes -> C:\Users\Hebert\Documents\Cool.eml:OECustomProperty
@Alternate Data Stream - 436 bytes -> C:\Users\Hebert\Documents\Bowel Capsule.ppp:SummaryInformation
@Alternate Data Stream - 1585 bytes -> C:\Users\Hebert\Documents\ATTAC.eml:OECustomProperty

< End of report >
 
PArt one of 'Extras Report'

OTL Extras logfile created on: 7/27/2013 11:44:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hebert\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 4.23 Gb Available Physical Memory | 53.23% Memory free
9.13 Gb Paging File | 5.18 Gb Available in Paging File | 56.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.55 Gb Total Space | 803.62 Gb Free Space | 88.35% Space Free | Partition Type: NTFS
Drive D: | 20.49 Gb Total Space | 2.53 Gb Free Space | 12.37% Space Free | Partition Type: NTFS
Drive K: | 149.04 Gb Total Space | 102.86 Gb Free Space | 69.02% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Hebert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6EADA2-5161-4567-8777-E30B8B56D27B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{15F09445-742A-442A-BE6A-A3354832061C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22BFCFAB-E540-4ECC-BF09-5B6510AA7D41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23D00868-B7FE-42B2-9EEE-9EFD867E7F59}" = lport=10243 | protocol=6 | dir=in | app=system |
"{25B64AF6-C576-447D-A634-F07660387F0C}" = lport=445 | protocol=6 | dir=in | app=system |
"{45E4194E-5376-4329-9152-DA8AC117B040}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4622FA79-982D-463F-9129-323F591AE80A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5376D640-A44B-480E-AB02-5D4106BAC361}" = rport=445 | protocol=6 | dir=out | app=system |
"{5830E05F-0C1C-4CA6-A46C-D080A6A8BFD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{630DE6B9-65BA-49A7-B31C-088F0B6403E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{641FE1D0-8FD1-4834-ACC3-985E5A989E93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{654A7797-C6C0-45BE-A397-90448D535037}" = lport=138 | protocol=17 | dir=in | app=system |
"{661E5FB7-AAE4-4E42-8FA2-FD1044C3AC76}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{712D2FB6-3381-4E71-A12C-51F8556FAE5C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A841C7A-5356-4175-8F0A-8D31E70B193B}" = lport=139 | protocol=6 | dir=in | app=system |
"{975FA564-D9E3-46C5-A5F1-E599DDC5C1F6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A1DCCAC1-0175-40C3-9E74-7318D28C5027}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC6DF0C0-9EF8-457A-B20D-301CCD8D53C9}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |
"{ADE75C78-A8D9-4BA3-B04A-BF8C8D58D35A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{BA49C123-A9C8-4189-85E9-B1FDA35681AF}" = lport=54000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{C642D98A-29EB-4555-B2B8-69EC117E1450}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CC73D5F4-3C8C-48E1-941B-C448E55EDAA5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE993D1E-E1F1-4C49-8973-43E002390057}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DAA32010-23A3-40DE-89CE-328A1D1CABB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC3CD87B-1E99-493C-88E1-85D12368EB0B}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2C3BF49-BC50-43C0-88B8-13F726287C86}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E79A9B39-40AB-4370-9A40-B2318CF94F39}" = lport=810 | protocol=17 | dir=in | name=firstclass client |
"{EECCB947-B1AE-43B7-9DA1-7597E4F5BF20}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4FF3C8B-FB4E-47D3-A67F-576895BAEBE9}" = lport=55001 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |
"{FE108D54-B1CB-4B11-8BDD-51080C524991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04795437-DA4E-43C5-8AA6-BF3693536A43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07051CA5-ADA1-4D19-806B-3B644C5C984C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{0762635B-1FC8-4AFF-B3E3-BFA42931EF17}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{08E30730-6B13-4548-AE97-DAE6280FD5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0D9C5EAD-2408-4475-90E6-05598BD5616D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10365A86-A451-4135-8915-808848041F5B}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{1642C2DE-CF45-4BED-9DE2-BA947C1B8784}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{172EDC87-0424-461D-8344-B3DF222518BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18B04651-A545-4A51-824E-54D97248A828}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{1A0D9730-6F81-4E52-896E-3EEDA4943F57}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{204681BA-F24B-429F-8947-B17F44FDE4D6}" = dir=out | name=microsoft mahjong |
"{25416AB3-FCCB-4DE0-9195-0B15C6CAC713}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{2707E588-6CEA-4AC8-92E3-0CF32249E0BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2E149654-848D-4522-B7C2-ECB4DD9B7124}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2F17EFD3-10D1-4AD7-AF12-96CA7DEFE062}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{341D3A21-9FEC-418C-9292-81C83BDF1E90}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{390B1A08-15E1-4A28-95B3-F372229DDBA4}" = dir=out | name=microsoft solitaire collection |
"{3DAE4949-E558-4C3C-A9A5-E1791BD4FAB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{42767E15-306E-46FF-A3E4-6509E5934ACC}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{437E51E3-8AD4-4F9E-B269-50FD806509AF}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{474B69D5-A580-4ADD-9BEC-93B87ACE71A1}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{482A34F7-F255-4538-8DFA-602E10DC8926}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4928206B-09CB-45B1-AF79-5D945C8DA9A1}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{4D427F0B-AC24-4F74-A685-DDDA93C6C5BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51F9C8DA-4709-46EA-8705-3E037631FD58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54CBE140-C2F8-48D8-B29A-2809A05AA098}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{587BF8C7-FC6D-499A-96BA-3E5240D9110C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{6102CF42-6967-4847-9583-D63951FB9808}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{628317E9-49A8-40D4-83E2-5F0A1D38E82D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{672394A6-ACC1-4A65-B8BD-979440FBD8CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{69C5FED5-EEF8-48F1-B947-AD30B851E0AB}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{6BAFD774-1F08-4F68-87D2-9A0E7AEB1482}" = dir=in | name=hp+ |
"{6EF871AF-AA3A-4997-9F0C-D74B9F0084F5}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{706D66EB-F006-413C-B03F-92EC5374A133}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71B6E6EF-C65B-43D0-92AC-F59281AD3249}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{71C91D5C-A372-4373-9BC3-1B49CBF143B9}" = dir=out | name=netflix |
"{725B0CC0-BC46-4A6C-B2FE-C1B8A0DA5045}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{72FACBDC-A25A-43D0-A6E2-F8AF7E32DC4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7533A37D-AA98-44C2-ABF4-394B12BC0C35}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{7BDBD0A4-40FE-444A-B0C1-0C1A29B9E891}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |
"{7DDD91DD-C340-4FE2-95DB-BB3F414F0CD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{7FE71EE8-15BB-45C3-8EF8-AAE5441F7292}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{7FFF0433-6832-4304-BD89-FD4A151230EA}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{85391242-A385-4428-B05A-045D3C305BFD}" = dir=out | name=hp registration |
"{866F873C-7976-4372-90B2-934DC1668603}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{883E6333-F5EB-45CA-B194-C4CE0DDD329F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{8A970C92-9FD1-461E-835F-C55C367FC607}" = dir=out | name=hp+ |
"{8F86E22C-7E62-4FB6-9AFD-6E9D59D5AD72}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FF3D423-5F6B-4A6B-B2C7-74F5C5366A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{908B8A7C-0125-49E2-A6AB-4BC94DB8EA0D}" = dir=in | name=hp connected photo powered by snapfish |
"{940BEE35-3D27-42F1-87AD-EFC450351342}" = dir=out | name=norton studio |
"{9F38844F-98D5-4FC0-B137-C876CB62BBB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A00672D6-DF54-4510-B3EF-1A3FC33AE218}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A9EA0139-3CED-4C4F-9F34-97AA21AA0B0D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD2E6859-DBAC-4CBF-A34C-9086C9C26343}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AD378A5B-989F-48CC-8965-600DF9677C04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{B0E852F6-A950-490B-916A-35AE63A996D7}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B752225B-37E8-4032-A57A-CBFD804FD5B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{B8802B3B-A3B4-4217-BFBF-2EA85F052730}" = dir=out | name=getting started with windows 8 |
"{BDCF32A9-A4BC-4748-96E5-843947E08BD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BEC4ADAD-6F18-42A1-960F-ED5DF1806386}" = dir=out | name=kindle |
"{C2DAC29A-1A99-4690-91A5-19388B8CFDD2}" = dir=in | name=ebay |
"{C5EBC917-1ED2-4FD8-A733-7AACFEE1BD53}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C87CDA66-DAF6-4626-A993-417AD8D2057F}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{CBF1B023-FF26-4BA8-B9D5-50E0EAA59034}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0340B02-B2A0-496E-8C9F-76A3EB5FE6EC}" = protocol=6 | dir=out | app=system |
"{D15FF220-D2FE-447D-A492-6E250C7A1B44}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D20EF79A-B2F2-4505-8C0D-352456495931}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{D6058164-37D8-43F5-B89D-7C060C562CD7}" = dir=out | name=hp connected photo powered by snapfish |
"{D67DFC4A-5CFB-4631-988E-1B7E8059EF23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D869AC87-58A4-4FCB-8246-29522FCC3F7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{DAC7CE33-1AF4-49AE-BB35-78CE70C01888}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{DAEADFF2-8BDB-4ACE-9302-6E20FA272A94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{DBA3205D-E436-4808-8870-2DDD28EF520B}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{DD5D4F9B-5286-4A9C-B54F-14BF8C60C97D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{DDB8F920-C743-47A7-84C9-F45BF2B8A5F7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E09548F1-4609-42B3-AC68-F0BC59902942}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E41B8C02-76E7-481E-8C90-DBF27044F2E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E740D8F2-0C09-4A74-8FCC-4E4427723160}" = dir=out | name=ebay |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9CE27D0-A54F-4349-A681-6871CA664300}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EE17AF4F-31E9-4190-8138-2F818ACEFB80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{EFBBF1A0-1318-4410-908A-71B705373F9F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F254F4F6-4307-405F-8AC9-6F7C30AE2706}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F4C6FB94-A59D-4DCD-8EC1-BF08D9F28AA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{F5656D99-D489-43C5-A86D-C86EBACFB241}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{F8580D59-951A-4F8F-87C0-53068455D695}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{F89A7E29-B17D-4AAB-B2DB-F554CEF47917}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA781CF2-4CDD-48C9-969D-B87A3DD241AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBC3306F-13F8-4D4F-B438-0AEB1CA127CA}" = dir=out | name=iheartradio |
"TCP Query User{9562FB72-686B-457F-B0D4-EFBCC43ED93E}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{EB3B9C08-B56E-4FE7-9BD9-B996CE78FB9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F0C6AE7-8930-C5E2-7FB8-40026B03F760}" = ccc-utility64
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{307AA214-8490-9119-DA81-C8E875AD1C94}" = Ralink Bluetooth Stack64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B4B81D9-3C2C-4388-A281-40F3299B911E}" = HP OfficeJet J6400 14.0 Rel. 6
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}" = Classic Shell
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF821093-CFD3-EC1B-B357-6817EE34E5C7}" = AMD Catalyst Install Manager
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E83FDB2A-C81C-403D-8FD3-A816A89AF80C}" = Intel(R) Rapid Storage Technology
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"PremElem100" = Adobe Premiere Elements 10
"Shop for HP Supplies" = Shop for HP Supplies
 
Part two of 'Extras Report'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}" = Quicken 2013
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10145271-3F76-583D-AAAD-02753E604CCE}" = CCC Help Norwegian
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15F32C36-CE5C-F1AE-4D05-B9E5D45F5EBF}" = CCC Help German
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC2AD85-22B6-BBDB-89E0-EED44752E373}" = CCC Help Finnish
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21453396-C635-2129-F0C5-D806E4D41A1C}" = CCC Help Thai
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2CDAA653-8AEE-ACB0-3135-491ECA3CA5CA}" = Catalyst Control Center Profiles Desktop
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3199A409-EE9A-E445-2270-5789FB461DA9}" = HydraVision
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35505AE1-27E2-4206-B3BF-58771803B8D0}" = IncrediMail
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3EE8F72F-11B5-765E-241C-CD628B47F5A6}" = CCC Help Spanish
"{42CA986E-1D63-B863-2E57-66CF1BA1ECEF}" = CCC Help Polish
"{42EBEC32-7E26-20BB-F73B-054006D8924D}" = CCC Help Korean
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47EBDD27-FE2E-D66F-3F09-D6469722F494}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{551936D3-AE34-71C6-B7E0-9EF4E682BBC4}" = Catalyst Control Center Localization All
"{558A2927-95BC-37CA-E790-A043C6EEA064}" = CCC Help Portuguese
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D29FAE2-3FB8-494F-A990-336D17AAA3E6}" = ProductContext
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{630ABFFB-07A7-D193-D66A-B541D71EC5BA}" = CCC Help Chinese Standard
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}" = HP Connected Backup
"{6D9C5F89-1DAA-4909-9C8A-7681C0CFC3F3}" = CCC Help English
"{6EBED885-73D9-4750-B96E-FD654500E59F}" = FirstClass Client
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72352719-A3A8-8977-72DD-8D41BD6F92BB}" = CCC Help Czech
"{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A45C856-CF3A-9E2C-D240-852C9A972C97}" = CCC Help Danish
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{890ABC27-DD36-0A12-55D4-8ED73CF2B72E}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E2D9681-5050-D714-E3EE-E1D27C38ABB1}" = CCC Help French
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F5FEF49-4F33-DF60-5697-A408C1ED0447}" = CCC Help Russian
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{93B21E92-387A-46AD-81A2-B867C9D5D175}" = Catalyst Control Center - Branding
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98271E36-75B8-7D6E-DD22-F0DCEE9A7E1E}" = Adobe Photoshop.com Inspiration Browser
"{993A144A-1119-0FBF-F157-EF9415CB23B7}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A0516FEE-EDF3-165D-7DD5-5BC71D51DBE6}" = CCC Help Hungarian
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A5456457-4504-CA3B-A028-0B0D432CEE7E}" = CCC Help Turkish
"{A6D8170D-15FB-1737-1F5A-DB09CF985F50}" = Catalyst Control Center Graphics Previews Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B344FEB6-6C65-A66B-A306-AE83CC8F029B}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1" = mPlayer version 1.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB7F8847-028B-366C-3BC4-BA3BC65A6D36}" = Catalyst Control Center
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C61FB925-F5DA-4EBB-A942-FD5BE488F80F}" = J6400
"{CAD7A104-AF07-B099-BDD7-FBB93490D34A}" = Catalyst Control Center InstallProxy
"{CB9E92AF-55F4-46A7-BC7A-16005E4BF39D}" = Garmin City Navigator North America NT 2013.40 Update
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DDCC92-93F8-47ED-9068-85E23CC1CDDD}" = BPDSoftware
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A3910B-30EC-1462-7C2E-A1C2365ABD73}" = CCC Help Chinese Traditional
"{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}" = Serif PagePlus X6
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EFCB4F04-04AD-4B17-999E-E7B54F9817A9}" = Garmin BaseCamp
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F2BCB229-F472-D13A-3F75-19AF40051262}" = CCC Help Dutch
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 Free Solitaire_is1" = 123 Free Solitaire 2011 v8.0
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Google Chrome" = Google Chrome
"IncrediMail" = IncrediMail 2.5
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"LessTabs" = LessTabs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"sl-apl" = SelectionLinks
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"The Weather Channel App" = The Weather Channel App
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-176e6bfd-f8f0-4f40-95b9-05d6ad10b83b" = Polar Golfer
"WTA-257000e2-5df7-4685-afe5-cb229162c0f8" = Mortimer Beckett and the Crimson Thief Premium Edition
"WTA-2a7e6898-365a-420a-ae43-dc6010387359" = Peggle Nights
"WTA-2e0be2ac-126c-45b5-bf9d-8e589777ccd4" = Cradle of Rome 2
"WTA-3285400b-4a8b-4418-8d89-be8ad5cc46aa" = 4 Elements II
"WTA-37b20bb2-59bb-40df-ade4-8f2f29a4df11" = Mahjongg Dimensions Deluxe: Tiles in Time
"WTA-4239be4a-d461-43ec-af14-fec370f0bef8" = Final Drive Fury
"WTA-52884e51-3ae0-457b-84ca-889ffca3ca29" = Governor of Poker 2 Premium Edition
"WTA-54c2dafe-6996-4f6c-a9d2-24cf7ca4317c" = Penguins!
"WTA-57ad3ab5-9208-433e-b08d-ba0e143f2724" = Chuzzle Deluxe
"WTA-62023cdd-f387-43a7-a592-94ef51d6149d" = Hoyle Card Games
"WTA-7147c6b4-9576-4dae-91c1-fc230c1f4f95" = Polar Bowler
"WTA-739e31f4-30c1-44ef-83bb-4ba7fa6af804" = Vacation Quest™ - Australia
"WTA-7e35b006-e8c4-439f-978b-35375da96be3" = Build-a-lot 4 - Power Source
"WTA-7fefaf7c-3db2-4b81-99ea-73bfe14d102e" = Zuma's Revenge
"WTA-82076691-f02e-4047-88a2-b60e975dfefc" = FATE: The Cursed King
"WTA-97441fc8-24bd-47d4-a48d-59997b47ca57" = Bejeweled 3
"WTA-9b8df2eb-18db-44a1-b20c-9756b2129da4" = Roads of Rome 3
"WTA-aad711ff-e475-4fbb-8167-3c5654527862" = Tales of Lagoona
"WTA-abe83ce9-ecb9-4a5f-8968-317d8dc4ec4c" = John Deere Drive Green
"WTA-ace339e3-5e8f-4a91-8ffb-4e542a89f3f5" = Jewel Match 3
"WTA-aee9a48e-8b03-4080-ae7d-c01ace46e52e" = Cradle Of Egypt Collector's Edition
"WTA-c31a78b9-7c5a-4581-945e-42b1bcfe0bf0" = Luxor Evolved
"WTA-da48de4e-0973-43c5-8289-48827e11883b" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-dd6e38ca-3faf-4708-9d7d-168f42e72928" = FlatOut 2
"WTA-fd96eb51-67ce-444f-908c-27dbf094519e" = Farm Frenzy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2218671483-2505651539-3046418940-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPConnectedMusic" = HP Connected Music (Meridian - player)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2013 6:14:50 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.9200.16384, time
stamp: 0x5010a60b Faulting module name: MSI54BB.tmp, version: 0.0.0.0, time stamp:
0x51158210 Exception code: 0xc0000005 Fault offset: 0x00002e50 Faulting process id:
0x1cdc Faulting application start time: 0x01ce1ea5d8c8563b Faulting application path:
C:\Windows\syswow64\MsiExec.exe Faulting module path: C:\windows\Installer\MSI54BB.tmp
Report
Id: 1733a08b-8a99-11e2-be89-689423a07498 Faulting package full name: Faulting package-relative
application ID:

Error - 3/12/2013 12:08:58 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 3/13/2013 12:45:04 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 3/14/2013 12:07:45 PM | Computer Name = Home | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ralink
corporation\ralink bluetooth stack\BsSMSEditor.exe".Error in manifest or policy
file "" on line . A component version required by the application conflicts with
another component version already active. Conflicting components are:. Component
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.

Error - 3/14/2013 12:08:28 PM | Computer Name = Home | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ralink
corporation\ralink bluetooth stack\BsSMSEditor.exe".Error in manifest or policy
file "" on line . A component version required by the application conflicts with
another component version already active. Conflicting components are:. Component
1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.

Error - 3/14/2013 1:39:12 PM | Computer Name = Home | Source = Perflib | ID = 1008
Description =

Error - 3/15/2013 6:12:15 PM | Computer Name = Home | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 3/16/2013 8:51:43 AM | Computer Name = Home | Source = Outlook | ID = 1000
Description = Add-in execution error. Outlook crashed during the 'SelectionChange'
callback of the 'ExplorerEvents' interface while calling into the 'IVT BlueSoleil
Outlook Addin' add-in.

Error - 3/16/2013 8:51:44 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6131.5000, time
stamp: 0x509b1020 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x36003800 Faulting process id: 0x78e4 Faulting application
start time: 0x01ce2244f53b33bf Faulting application path: C:\Program Files (x86)\Microsoft
Office\Office14\OUTLOOK.EXE Faulting module path: unknown Report Id: 40c1878f-8e38-11e2-be89-689423a07498
Faulting
package full name: Faulting package-relative application ID:

Error - 3/16/2013 8:54:43 AM | Computer Name = Home | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook experienced
a serious problem with the 'ivt bluesoleil outlook addin' add-in. This add-in is
incompatible with Data Execution Prevention mode and should be disabled or upgraded
to the latest version. Do you wish to disable this add-in from loading?.

[ Spybot - Search and Destroy Events ]
Error - 7/25/2013 8:04:47 AM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/25/2013 9:27:16 AM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/25/2013 9:54:10 AM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/26/2013 10:54:25 AM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/26/2013 10:09:31 PM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/26/2013 10:32:36 PM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 7/26/2013 11:21:20 PM | Computer Name = Home | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 7/17/2013 12:15:08 PM | Computer Name = Home | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Intel Corporation - Storage Controller - Intel(R) 7 Series/C216
Chipset Family SATA AHCI Controller.

Error - 7/17/2013 12:15:20 PM | Computer Name = Home | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Intel Corporation - Storage Controller - Intel(R) 7 Series/C216
Chipset Family SATA AHCI Controller.

Error - 7/17/2013 7:46:09 PM | Computer Name = Home | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/17/2013 11:08:23 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 7/17/2013 11:08:23 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 7/20/2013 2:14:59 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
Description = The Interactive Services Detection service terminated with the following
error: %%1

Error - 7/20/2013 2:34:10 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 7/20/2013 2:34:10 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 7/20/2013 6:12:28 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 7/20/2013 6:12:28 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =


< End of report >
 
Will be off line for rest of today

It is my wife's birthday.
Will be away from the house most of day.
Will look for your instructions tomorrow morning.
Thanks again for the help.
 
No problem, Happy Birthday to your wife :)


Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
O2 - BHO: (SelectionLinks) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (LyricsContainer) - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\125.dll File not found
[2013/07/25 01:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Savings
[2013/07/23 00:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top