Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Reimage Repair removal


  • This topic is locked This topic is locked
13 replies to this topic

#1 niknik

niknik

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 07 July 2014 - 02:13 AM

Hi all
 
My computer was slow, so I stupidly downloaded Reimage Repair a while back (along with some other software).  I think I've been able to remove most of it, but reimage isn't showing up in any of my program lists.  I get popups from it daily, so I know it's there.  Firefox still crashes frequently, and google chrome crashes occasionally.

 

 

=====

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Nikki at 2:50:12 on 2014-07-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3691.1005 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Wi-Fi Connect\WiFiConnect.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Nikki\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Nikki\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Nettalk6\Nettalk.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\splwow64.exe
C:\Program Files\Symform\Node Service\symformstatus.exe
C:\Program Files\Symform\Node Service\symformsync.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Nikki\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Symform\Node Service\symformcontrib.exe
C:\Program Files\Symform\Node Service\symformupdater.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [4F22CBF1F487464E18901136EF381D3EBBEE2F13._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [WiFiConnect] C:\Program Files (x86)\Wi-Fi Connect\WiFiConnect
uRun: [Amazon Cloud Player] "C:\Users\Nikki\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [GoogleChromeAutoLaunch_A79E39EC3BBD8C5CE6581CF629811CA3] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series"
uRun: [Symform Status] "C:\Program Files\Symform\Node Service\symformstatus.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Nikki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nikki\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Nikki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nettalk.lnk - C:\Program Files (x86)\Nettalk6\Nettalk.exe
StartupFolder: C:\Users\Nikki\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: LastPass - C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4D374E2C-BE61-42B3-B2B4-24B67962E0E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7C687AC1-2CA9-42FF-B7B1-F7FBA326A126} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7C687AC1-2CA9-42FF-B7B1-F7FBA326A126}\458696379637478656E6564777F627B6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{7C687AC1-2CA9-42FF-B7B1-F7FBA326A126}\B496E646C65684F6473707F647D203436455 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [ShipWorksScheduler$EBA6070F223C4952B574D2CF708E3516] C:\Program Files\ShipWorks\ShipWorks.exe /s=Scheduler
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\lykdoepy.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on\plugins\npEWPSPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nikki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\lykdoepy.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 2013-04-11 12:52; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-28 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-10 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-10 421704]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-3 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-6 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-10 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-28 50344]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-3 46136]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-14 80184]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-5 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-3 1857600]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-5-3 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-3 44672]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-11-8 57024]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-1-10 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-10 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-10 30208]
S4 RsFx0200;RsFx0200 Driver;C:\Windows\System32\drivers\RsFx0200.sys [2012-2-11 334936]
.
=============== Created Last 30 ================
.
2014-07-06 09:03:42 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40554FAE-8412-481C-A164-297852B17478}\offreg.dll
2014-07-04 19:48:13 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40554FAE-8412-481C-A164-297852B17478}\mpengine.dll
2014-07-02 06:54:11 135824 ----a-w- C:\Windows\System32\escsvc64.exe
2014-07-02 06:54:08 466432 ----a-w- C:\Windows\System32\esxw2ud.dll
2014-07-02 06:52:55 -------- d-----w- C:\Program Files (x86)\epson
2014-07-02 05:00:40 -------- d-----w- C:\Program Files (x86)\EPSON Software
2014-06-29 18:49:12 -------- d-----w- C:\SymformContribution
2014-06-29 17:53:58 -------- d-----w- C:\Program Files\Symform
2014-06-29 17:40:33 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-06-29 17:40:19 -------- d-----w- C:\ProgramData\EPSON
2014-06-29 17:39:43 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2014-06-29 17:39:40 120320 ----a-w- C:\Windows\System32\E_YLMIUE.DLL
2014-06-29 17:39:39 83968 ----a-w- C:\Windows\System32\E_YD4BIUE.DLL
2014-06-26 18:59:51 -------- d-----w- C:\Users\Nikki\AppData\Local\{17B961D8-D4E5-481A-8427-1B53948447ED}
2014-06-25 22:08:41 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-13 20:22:57 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-11 02:24:59 810200 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-06-11 02:20:47 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 02:20:43 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 06:41:00 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 06:40:59 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-15 00:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-12 01:19:01 14883840 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH:  2:52:26.95 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 07 July 2014 - 03:51 PM

Good evening. :)

 

Where did you get the installation file from?
How long ago did you you install it?

When do the pop-ups occur? When you are online or offline? Does it only happen when you use a particular browser, assuming you have one open when you get them?


So long, and thanks for all the fish.

 

 


#3 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 08 July 2014 - 12:56 AM

I got the installation file from C-Net, and the pop ups don't seem to have a pattern. It doesn't matter if I've got a browser open or not.  They are very occasional (once every day or two.  I get them on the bottom right of my screen and it just tells me that I need to run the program.  I installed it a few months ago and can not figure out how to get rid of it.



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 08 July 2014 - 11:18 AM

Good evening. :)

This may not be as easy as you would like as the time that has elapsed doesn't help, nor does the fact that what you removed may have pointed to what you left behind.

 

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#5 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 09 July 2014 - 02:20 AM

I was afraid it would be difficult to remove... Thanks for your help.  I will be posting the requested logs below. 

OTL logfile created on: 7/9/2014 2:09:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nikki\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 12.86% Memory free
7.21 Gb Paging File | 2.35 Gb Available in Paging File | 32.67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 205.02 Gb Free Space | 45.87% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.37% Space Free | Partition Type: FAT32
 
Computer Name: JANIE | User Name: Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/09 02:09:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikki\Downloads\OTL(1).exe
PRC - [2014/06/17 22:40:59 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/06/17 01:03:18 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/05 09:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/03 13:44:20 | 000,173,792 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2014/05/19 20:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nikki\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/14 02:40:59 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/04/02 05:24:13 | 003,774,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/03/07 16:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Nikki\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2014/02/19 19:18:00 | 000,153,088 | ---- | M] (Code 42 Software) -- C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
PRC - [2014/02/19 19:17:07 | 000,209,920 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
PRC - [2014/01/28 17:23:33 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/13 21:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/29 05:28:58 | 002,587,136 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2012/10/30 22:40:14 | 002,080,768 | ---- | M] (Nicolas Kruse) -- C:\Program Files (x86)\Nettalk6\Nettalk.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 20:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/10/16 12:47:20 | 000,320,968 | ---- | M] (Verizon) -- C:\Program Files (x86)\Wi-Fi Connect\WiFiConnect.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/07 21:53:50 | 000,043,008 | ---- | M] () -- c:\users\nikki\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpauszaf.dll
MOD - [2014/06/17 22:40:56 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/06/05 09:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 09:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 09:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 09:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 09:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 09:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/15 03:50:55 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\15c45f1932751583dc3c2d49e5786acd\System.Web.Services.ni.dll
MOD - [2014/05/14 02:40:58 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/04/11 21:18:55 | 001,020,928 | ---- | M] () -- C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\lykdoepy.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2014/03/07 16:39:48 | 003,168,576 | ---- | M] () -- C:\Users\Nikki\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2014/02/12 05:07:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 04:53:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:53:17 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:53:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 04:52:55 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:51:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:51:44 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/14 23:32:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/02 21:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Nikki\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Nikki\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/29 05:30:42 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2012/12/29 05:28:58 | 002,587,136 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2012/06/17 09:22:08 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2012/05/16 15:01:30 | 000,140,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua52.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/19 10:46:48 | 000,018,872 | ---- | M] (Symform, Inc.) [Auto | Running] -- C:\Program Files\Symform\Node Service\symformcontrib.exe -- (symformcontrib)
SRV:64bit: - [2014/06/19 10:46:20 | 000,029,112 | ---- | M] (Symform, Inc.) [Auto | Running] -- C:\Program Files\Symform\Node Service\symformupdater.exe -- (symformupdater)
SRV:64bit: - [2014/06/19 10:46:18 | 000,021,944 | ---- | M] (Symform, Inc.) [Auto | Running] -- C:\Program Files\Symform\Node Service\symformsync.exe -- (symformsync)
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/28 17:23:33 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/07 12:37:50 | 005,084,008 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/27 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/06 03:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/05 14:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/07/09 00:40:05 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/17 22:40:57 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/06/03 13:44:20 | 000,173,792 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/02/19 19:18:00 | 000,153,088 | ---- | M] (Code 42 Software) [Auto | Running] -- C:\Program Files (x86)\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/13 21:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/28 17:23:39 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/28 17:23:39 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/28 17:23:39 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/28 17:23:38 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/14 23:32:11 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/14 23:32:11 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/14 23:32:10 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/19 09:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/04/29 09:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/04/04 15:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/02 05:26:37 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/10/02 05:26:36 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/05 20:39:44 | 001,857,600 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/11 07:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/09 00:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/09 00:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/06 03:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/06 02:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/16 06:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 06:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 20:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/08 01:13:52 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 2B 14 70 73 7B CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.1
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.19.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nikki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/28 17:23:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/04/11 12:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/07/02 03:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/17 22:40:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/04/11 12:52:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/06/17 22:40:38 | 000,000,000 | ---D | M]
 
[2013/12/01 03:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikki\AppData\Roaming\mozilla\Extensions
[2014/06/05 22:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikki\AppData\Roaming\mozilla\Firefox\Profiles\lykdoepy.default\extensions
[2014/02/07 23:49:28 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nikki\AppData\Roaming\mozilla\Firefox\Profiles\lykdoepy.default\extensions\2020Player_IKEA@2020Technologies.com
[2014/04/11 21:18:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nikki\AppData\Roaming\mozilla\Firefox\Profiles\lykdoepy.default\extensions\support@lastpass.com
[2014/06/05 22:17:56 | 000,014,426 | ---- | M] () (No name found) -- C:\Users\Nikki\AppData\Roaming\mozilla\firefox\profiles\lykdoepy.default\extensions\remoku@remoku.tv.xpi
[2014/06/04 21:57:23 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Nikki\AppData\Roaming\mozilla\firefox\profiles\lykdoepy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/17 22:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/17 22:41:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/02 03:01:16 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON
[2014/01/28 17:23:40 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.41_0\
CHR - Extension: Motorola Connect = C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh\1.5.1_0\
CHR - Extension: Motorola Connect = C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh\2.0.8.1_0\
CHR - Extension: Google Wallet = C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/13 19:26:03 | 000,000,768 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [ShipWorksScheduler$EBA6070F223C4952B574D2CF708E3516] C:\Program Files\ShipWorks\ShipWorks.exe (Interapptive®, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4F22CBF1F487464E18901136EF381D3EBBEE2F13._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Nikki\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series" File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A79E39EC3BBD8C5CE6581CF629811CA3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Symform Status] C:\Program Files\Symform\Node Service\symformstatus.exe (Symform, Inc.)
O4 - HKCU..\Run: [WiFiConnect] C:\Program Files (x86)\Wi-Fi Connect\WiFiConnect.exe (Verizon)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [PromoteInstaller] C:\ProgramData\Promote Installer\Starter.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nikki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nikki\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D374E2C-BE61-42B3-B2B4-24B67962E0E3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C687AC1-2CA9-42FF-B7B1-F7FBA326A126}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (PCloudBroom64.exe \systemroot\system32\BroomData.bit)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/02 09:54:21 | 000,000,000 | -H-D | C] -- C:\Users\Nikki\Documents\.symform-store
[2014/07/02 09:54:20 | 000,000,000 | -H-D | C] -- C:\Users\Nikki\Documents\.symform
[2014/07/02 02:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/07/02 02:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/07/02 01:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2014/07/02 01:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[2014/06/29 15:55:51 | 000,000,000 | -H-D | C] -- C:\Users\Nikki\Desktop\.symform-store
[2014/06/29 15:55:51 | 000,000,000 | -H-D | C] -- C:\Users\Nikki\Desktop\.symform
[2014/06/29 14:49:12 | 000,000,000 | ---D | C] -- C:\SymformContribution
[2014/06/29 13:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symform
[2014/06/29 13:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Symform
[2014/06/29 13:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/06/29 13:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2014/06/26 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\Nikki\AppData\Local\{17B961D8-D4E5-481A-8427-1B53948447ED}
[2014/06/17 22:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/13 16:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/04/11 21:18:48 | 014,883,840 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Users\Nikki\Documents\*.tmp files -> C:\Users\Nikki\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/09 02:08:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/09 01:39:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/09 01:08:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/07 22:02:51 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 22:02:51 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 21:58:47 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNikki.job
[2014/07/07 21:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/07 21:50:21 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/06 18:38:08 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJANIE$.job
[2014/07/06 15:28:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/06 04:25:32 | 000,082,509 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/06 03:43:38 | 000,007,312 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/07/04 22:39:43 | 000,264,035 | ---- | M] () -- C:\Users\Nikki\Documents\townmap2.xcf
[2014/07/04 22:39:43 | 000,003,947 | ---- | M] () -- C:\Users\Nikki\AppData\Local\recently-used.xbel
[2014/07/04 22:38:05 | 000,472,715 | ---- | M] () -- C:\Users\Nikki\Documents\townmap.xcf
[2014/07/04 22:36:51 | 000,365,401 | ---- | M] () -- C:\Users\Nikki\Documents\godillashirt.xcf
[2014/07/02 02:54:21 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/06/13 07:14:48 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Users\Nikki\Documents\*.tmp files -> C:\Users\Nikki\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/04 22:39:43 | 000,003,947 | ---- | C] () -- C:\Users\Nikki\AppData\Local\recently-used.xbel
[2014/07/04 22:39:40 | 000,264,035 | ---- | C] () -- C:\Users\Nikki\Documents\townmap2.xcf
[2014/07/04 22:38:02 | 000,472,715 | ---- | C] () -- C:\Users\Nikki\Documents\townmap.xcf
[2014/07/04 22:36:50 | 000,365,401 | ---- | C] () -- C:\Users\Nikki\Documents\godillashirt.xcf
[2014/07/02 02:54:21 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/11/06 19:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Nikki\defogger_reenable
[2013/11/06 18:44:58 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/11/06 10:20:44 | 000,000,088 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2013/07/31 20:42:20 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2013/04/05 01:22:45 | 000,904,090 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/20 13:14:02 | 000,207,633 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2013/02/20 13:14:02 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012/08/11 00:17:10 | 000,208,187 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012/08/11 00:17:10 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/02 18:45:31 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\.mono
[2013/11/19 04:49:36 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\.purple
[2014/01/14 23:37:58 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\AVAST Software
[2013/12/05 12:59:45 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\BitTorrent
[2013/09/18 23:36:21 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\calibre
[2014/04/18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\com.amazon.music.uploader
[2014/05/29 22:57:17 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\CrashPlan
[2014/05/29 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\DriverCure
[2014/07/07 21:54:57 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Dropbox
[2014/07/07 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\DropboxMaster
[2014/06/28 01:13:32 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Nettalk
[2014/04/19 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Oracle
[2014/02/08 03:49:49 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Origin
[2013/08/16 21:52:28 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\PayPalize
[2013/09/11 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\ReadyShipper
[2014/05/29 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\SpeedyPC Software
[2013/08/04 01:43:54 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Stamps.com Internet Postage
[2013/07/09 01:24:56 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Subversion
[2012/08/10 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Synaptics
[2012/12/28 13:02:00 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Unity
[2013/10/10 23:17:28 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Warp
[2012/08/12 05:04:00 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\WildTangent
[2013/05/14 00:26:51 | 000,000,000 | ---D | M] -- C:\Users\Nikki\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:A3B8F70C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
 



#6 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 09 July 2014 - 02:23 AM

OTL Extras logfile created on: 7/9/2014 2:09:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nikki\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 12.86% Memory free
7.21 Gb Paging File | 2.35 Gb Available in Paging File | 32.67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.98 Gb Total Space | 205.02 Gb Free Space | 45.87% Space Free | Partition Type: NTFS
Drive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.37% Space Free | Partition Type: FAT32
 
Computer Name: JANIE | User Name: Nikki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FEF7DF-6D5A-4554-B707-CA817AF1D891}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06D64F51-1E72-4DB9-93ED-2BBE70544A51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1066A602-FD5B-4C1F-91C0-7DBCB7BF545F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{19FA8623-476E-4C12-8656-E3C1D28943C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{324D37E6-A9F6-4057-BF31-DD9C36E8C898}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4443631E-B09F-4468-9C3E-E138FCCE9671}" = lport=137 | protocol=17 | dir=in | app=system |
"{455D785C-0E25-499D-9AFA-7B9123E42030}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{4995F954-2F2B-4D29-B2A0-7E597E93EA53}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{55F162DD-0383-4A44-B632-8430D26B4935}" = lport=10243 | protocol=6 | dir=in | app=system |
"{562887F1-010E-4C9B-AEEB-D5B30DF55D1A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{80B88290-50B1-4D99-9CEB-A469D6609711}" = rport=137 | protocol=17 | dir=out | app=system |
"{8193DEEE-205E-4D58-9293-48E31CB42408}" = rport=139 | protocol=6 | dir=out | app=system |
"{A473A3E5-FA7B-453E-9E03-B1FBEE09C35B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{AB1CE9A6-6FE5-43E7-8A32-BB4F88B2BF4A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFB78CA8-368B-4DC0-B33A-23C1A7ACB989}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0B86D78-2FFD-4AB6-822E-546C8C008EE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{B3712731-EBAF-45E2-9A14-D2DC070BA346}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4E03742-0CCA-44BF-B771-2A8F1A5ED08A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8BE6574-9DA8-4FC2-9198-1401D56BF7BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C354D73A-B040-4F5B-B0D9-383CC261B336}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C93C83AA-92BD-4911-A163-ED4BECA72AB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{D286D621-2000-45DC-AF9E-68BC40CB8A76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D69BBABF-7AB7-49EA-A362-9775BA12CCB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0B227E4-E29A-4463-92A7-DE8D7C3A6EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{EEAD7A41-75A1-4D1A-88DA-555916E6D06F}" = lport=445 | protocol=6 | dir=in | app=system |
"{F6CD6BC7-D50C-4D56-8FE2-2469B7F88B55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFB8091-9E1C-44B6-8A0A-3CE679490A03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
"{10CAC881-8CCD-40DD-B561-DC7DD6481512}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{12EB5DF3-BB17-4117-A93D-531C6CAA924A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14BE408F-DCA8-4282-9D21-00A6163B1E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{16A2D027-EEFE-4DA2-A69B-A5A6197C5F56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{194BE34F-E3A6-467B-8C43-344C6FF16A58}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs5d8d\hpdiagnosticcoreui.exe |
"{1FA760E7-A909-449B-ABEB-C49137994D9D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{1FF313E5-7C88-4584-8D68-B18B0E6BAF2F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{20AEF0CE-9C86-4CDF-A40D-7EA02FA29826}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
"{21725B55-F2C2-4E87-B99D-8C48A3B44C37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2520B914-6504-47E7-A090-757E8740E293}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{26088F80-2F3E-44D6-8EF4-3F05C1B64534}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{2930D0B5-F009-4627-9184-7A5485D3E56F}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe |
"{2E04FF8A-9969-44B9-A03F-67C423E77CF7}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2F84FDCB-BD50-484C-BD8B-879ACD6817FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{300BD0B8-2947-4729-8E16-42FE55E421A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{3356D8DB-6B27-4B23-8663-A7FAAEF48B38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{36567AC1-B2CA-4ACD-8FD0-E0AF26859DA2}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\roaming\bittorrent\bittorrent.exe |
"{3B17C553-2255-41D9-AC09-DEA2FFE4785D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3CCFF671-6CDF-4D8B-B198-45258B8C9F8F}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql11.shipworks\mssql\binn\sqlservr.exe |
"{4137F315-9760-4B66-A6F0-CA053D867DE9}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs0700\hpdiagnosticcoreui.exe |
"{46A1212A-4CF5-42A2-9697-4991455B7BF5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
"{48C97043-9FE3-4FC5-96DF-161D5211105B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{4B2C4946-C757-4BED-A7B7-7102A98A77DC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{53D0F711-5858-49A4-A527-EC688C6F67EE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{54025A5B-4E32-4D0E-8FC0-A00273E0E1A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5852F7AA-9B0D-4CB4-9450-81A28893C119}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C745836-EF75-4D28-980A-C4833FE34845}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5CE97F6F-5D98-4B40-AD0B-9BEFE8746A67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D1123F4-CABC-4E98-91A9-28D13AD23793}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F1BB741-2911-4C79-9143-62816F7D616C}" = dir=in | app=c:\users\nikki\appdata\local\temp\7zs25a3\setup\hpznui40.exe |
"{5F7D3771-32C1-47B7-84FE-31BEE8763365}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs0700\hpdiagnosticcoreui.exe |
"{626FDC38-A6AD-463E-B01C-E76B75194DBA}" = protocol=6 | dir=in | app=c:\program files\symform\node service\symformconfig.exe |
"{64D70F7D-5D85-4B1B-BF7A-ABBBC31DB4D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{69942F53-A76F-4B9E-9F95-A0D9D46F4A68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7059C0E3-C716-4955-8741-4D339D51803D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{72C6932C-B696-4ADE-8F3F-6B4F4040FA3F}" = protocol=6 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe |
"{740656BD-CA35-4AD4-BD6F-5F8293C45CB0}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs5d8d\hpdiagnosticcoreui.exe |
"{7889874D-907F-40BE-B6F7-4FDC0145F70D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{791B1ED1-28DA-49E8-B623-1129B73D375E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{798369BA-842B-4A19-B7BD-625D6C69CA1B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7E2B164E-6FB5-4CF0-A0D6-8BF1CDA235EA}" = dir=in | app=c:\program files\symform\node service\symformcontrib.exe |
"{8B2010BD-A6B5-4575-9787-F6C55617EABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E049514-272B-4A2B-9A9D-CC8A7C900E76}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8F6CB753-7CA9-4812-A55F-21EDDF92C4EC}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs609f\hpdiagnosticcoreui.exe |
"{9016AAC5-4B8D-4439-ACC4-CEBCEFB7D33A}" = protocol=6 | dir=out | app=system |
"{92589284-1F64-4BE9-BB82-449013434DF5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{94130932-C2E1-4434-8AD2-8A2B958D325A}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{95A9BC55-47B7-464D-859C-817A0DD23DA4}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs4da6\hpdiagnosticcoreui.exe |
"{9638F280-D28E-4D90-A06C-79B8961D7467}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{96A38AF6-8B55-428A-B381-41ABCD57F466}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{96B48D2C-CEE0-441B-BC89-7BFA0F728286}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql11.shipworks\mssql\binn\sqlservr.exe |
"{A1C88C63-3CA0-4549-B45B-6CF067D0D73C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A2682A7C-3D2B-4411-BFA5-83A0CF7D483F}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe |
"{A436A882-CB4F-4381-8666-0B9216BC2111}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6C8CF62-125F-42BD-BCAC-0FF27BA71257}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{A6D9CE56-5094-45D9-9C39-90E7E330C61D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A7F5C9F7-4E71-4008-A664-889EEC06CF9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD15E27D-79CF-4DFD-AA4B-56DD4046B169}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{AED8FED5-5040-4207-91A9-C92B1F0C4043}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B0675907-B75A-4859-87E8-8AE6DB886C05}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B30D743C-5DFD-4ED0-ABF2-54F3BE77BF96}" = protocol=17 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs4da6\hpdiagnosticcoreui.exe |
"{BB91889D-E402-4692-A2C5-37EA9EF02D8C}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{C110DD2B-537D-47FD-8244-B4B739BA1667}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe |
"{C4491D23-D71B-4430-9B28-6367CB23AB93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C4D22301-D517-4AD1-BAF4-30411571F775}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C4E976BF-B4E5-4DAA-8D2A-D41A852E2A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0E9AA43-6416-4DF0-AB01-FFBF4B0F16AB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D2E25034-8BEE-44C8-A27A-C7A47A55A732}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D34D89B8-30BC-4F1D-AF82-6F1CDBA9D578}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D3C1FE2F-2265-4FDE-9EF2-DD242732F9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe |
"{D6F10449-DDBD-47FC-A8F2-40C62C82EF93}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\local\temp\7zs609f\hpdiagnosticcoreui.exe |
"{D73DA925-2477-4944-A94A-A2E925CBAF1D}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql11.shipworks\mssql\binn\sqlservr.exe |
"{DB7D9D2D-DDEE-4136-B813-2DEC780C1227}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{E16D558C-1573-482C-8647-F15DCF877CE4}" = protocol=6 | dir=in | app=c:\users\nikki\appdata\roaming\bittorrent\bittorrent.exe |
"{E58AC3B9-F19F-4C10-9613-ACBD588FAA93}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E6064A41-5D98-414C-BBA3-4D4BD25A3B33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBB5EC5E-DAD5-4006-B180-A75FE904D42E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{EBDEBE8D-32ED-47CC-B30B-84E96F29D581}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql11.shipworks\mssql\binn\sqlservr.exe |
"{EFB2025E-0F60-4B59-A61F-1931D00D4B2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F90A69DF-8FD2-4235-9D23-972451741B52}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FA03A360-2B13-42D0-8654-13747A4BE35B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FFF8FF91-419E-46D8-8B99-445912A26C95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{0305269B-1482-4AA1-8091-B078C1BFAEDE}C:\Program Files (x86)\Calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{0F297CCB-99F6-4D18-B681-0A657535B7A9}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"TCP Query User{147D6F75-F64A-4548-978D-9C9EE616BC96}C:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2CD15730-E922-45D5-8359-7DD5B59BA09D}C:\users\nikki\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\nikki\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe |
"TCP Query User{2E8D0E31-4216-4772-8EF5-062BCAC0B762}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{4A456AC8-4431-462C-B815-AFE7CD6B1C17}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{97DC5AAC-CF14-4EC0-9AF6-0066DF41E497}C:\program files (x86)\hydrairc\hydrairc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hydrairc\hydrairc.exe |
"TCP Query User{AABDEEBD-36A7-4CBE-895D-01EF86CBB494}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{D7958D17-FCED-44A9-B979-07289F76C835}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{0C5EBEBA-4092-4D42-9D91-D7661B5441EC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{2FF4AD23-0CCD-443F-B239-588893839EEC}C:\program files (x86)\hydrairc\hydrairc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hydrairc\hydrairc.exe |
"UDP Query User{3F467954-967F-4D5B-8B38-D41B03770C17}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{682FA098-609B-4448-8D4E-BC5F34CD770D}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{984D9BF7-4307-49DD-93D8-B89875AEF99D}C:\Program Files (x86)\Calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{9E6FF289-75D5-42AF-BCD1-3C58F68EEED2}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{A93D020F-A709-46FB-A8E2-FB9606C69BAE}C:\users\nikki\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\nikki\appdata\roaming\readyshipper\db_runtime\bin\mysqld.exe |
"UDP Query User{CB452337-FBD3-4CF6-9049-2ECFE2918DB0}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{FD5DF58B-60F1-4B60-8D89-1D79B4601A68}C:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nikki\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4AE29B5C-87B1-3C4E-8E15-17B83BA745CB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{541356E9-6517-43C4-831D-167B94709BD1}" = Symform
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}" = SQL Server 2012 Database Engine Shared
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}" = SQL Server 2012 Database Engine Services
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB0713F-CFE0-445D-BCB2-538465860E1A}" = Microsoft SQL Server 2012 Setup (English)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver
"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E75776B2-EAE5-42F9-A800-0A10763DEDF0}" = Microsoft SQL Server 2012 Express LocalDB
"{EBA6070F-223C-4952-B574-D2CF708E3516}_is1" = ShipWorks® 3.6.0.4651
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MiKTeX 2.9" = MiKTeX 2.9
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TeXnicCenter_is1" = TeXnicCenter Version 2.0 Beta 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F44DC3F-6E62-4961-A14B-95323C512F9B}_is1" = NCDownloader
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German
"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English
"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center
"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6B49AD82-52A4-43D9-BA5D-76C2CFD11A30}" = calibre
"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932C1B35-B18E-447C-9E4C-5040ACA03E89}_is1" = Syberia 1
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese
"{9854AEDC-EEB0-4182-B137-626CFC2F38E8}" = CrashPlan
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D994879-5A05-2E8A-6D21-321221AFFF32}" = Amazon Music Importer
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common
"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech
"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All
"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}" = Software Updater
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C29CE41A-3268-4A5C-8B29-5799906785E9}" = Wi-Fi Connect
"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}" = Epson E-Web Print
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"BFG-Azada - Ancient Magic" = Azada: Ancient Magic ™
"BFGC" = Big Fish Games: Game Manager
"Bookworm" = Bookworm
"Bookworm Adventures" = Bookworm Adventures
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"com.amazon.music.uploader" = Amazon Music Importer
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"HydraIRC" = HydraIRC
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Peggle Nights" = Peggle Nights
"Pidgin" = Pidgin
"Rainlendar2" = Rainlendar2 (remove only)
"ReadyShipper_is1" = ReadyShipper 7.0.3
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"Syberia" = Syberia
"TeXstudio_is1" = TeXstudio 2.3
"The Whispered World" = The Whispered World
"VLC media player" = VLC media player 2.1.2
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WriteWay1.9.4" = WriteWay
"WTA-01f56657-a518-46da-9f3a-13869c14972c" = Slingo Supreme
"WTA-028cb45d-88b7-4a73-8972-bebd772e305d" = Governor of Poker 2 Premium Edition
"WTA-15853f67-ff9a-43d4-82ba-1020d0af056d" = Zuma Deluxe
"WTA-1bbf1ab4-860c-40d7-97a4-daffc14d1793" = Blackhawk Striker 2
"WTA-2a780506-d4a6-4222-b135-b13fbe04a5af" = Vacation Quest - The Hawaiian Islands
"WTA-2f1fea9a-1a16-4f47-9cf1-caafccca18f6" = Namco All-Stars: PAC-MAN
"WTA-38df255c-c0d6-4d6e-a761-fd76bdb3c8eb" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-3ea4045b-7a72-42af-9e9c-86545de43de6" = Farm Frenzy
"WTA-3f5344f6-9073-4d79-9f91-6249c52089f4" = Mah Jong Medley
"WTA-3fbd1b6a-cb28-40a2-bcb3-083a95a731f0" = Plants vs. Zombies - Game of the Year
"WTA-4233f013-469f-483b-a117-49e9327ddb66" = Blasterball 3
"WTA-543c2727-a0b9-4621-9ec3-f9752f315510" = Poker Superstars III
"WTA-56f0f831-0d10-43ac-adb6-8dc06426619d" = Bounce Symphony
"WTA-7497ca49-a35f-41db-bb98-3591103c404e" = Chronicles of Albian
"WTA-76cb86aa-d32e-465b-9201-60601d184921" = Polar Bowler
"WTA-8367bcac-d225-41b5-8475-3f2573051da4" = Polar Golfer
"WTA-8898f13a-b6de-4c19-84d4-d1bee1dceacf" = Mystery of Mortlake Mansion
"WTA-8bfb1ab2-9994-44c9-a4e6-4fd5a92a5aff" = Penguins!
"WTA-9fc0e47b-e236-4584-a199-b32a4a9a9fda" = Cradle of Rome 2
"WTA-a307b701-1b38-4efe-b1ce-a986a50f5eb1" = Cake Mania
"WTA-acded29b-e906-4839-8ece-fa7b19aaf0ab" = Virtual Villagers 5 - New Believers
"WTA-ba152df7-7dc1-4e98-b67f-fc9888b85353" = FATE
"WTA-cc128f2b-21e9-4403-9aa8-46b3e4ac752f" = Chuzzle Deluxe
"WTA-e50c5ace-1225-4b32-a336-a5887a8876f9" = Agatha Christie - Peril at End House
"WTA-f6fc44d2-2ce2-4682-a2cb-02954a585536" = Bejeweled 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"DB165FE98538A10E91D51C46B1461C279DDBA833" = PayPal Invoicing Template for Microsoft Excel
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/28/2014 1:20:56 AM | Computer Name = Janie | Source = WinMgmt | ID = 10
Description =
 
Error - 6/29/2014 10:35:11 PM | Computer Name = Janie | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
 time stamp: 0x4ce7ae7f  Faulting module name: wmp.dll, version: 12.0.7601.18150,
time stamp: 0x518c8c81  Exception code: 0xc0000005  Fault offset: 0x00000000000e23d7
Faulting
 process id: 0x114c  Faulting application start time: 0x01cf9290e27d5cc0  Faulting application
 path: C:\Program Files\Windows Media Player\wmpnetwk.exe  Faulting module path: C:\Windows\system32\wmp.dll
Report
 Id: 2809eea5-ffff-11e3-94f3-a0b3ccc2ff75
 
Error - 6/30/2014 10:52:23 PM | Computer Name = Janie | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
 time stamp: 0x4ce7ae7f  Faulting module name: wmp.dll, version: 12.0.7601.18150,
time stamp: 0x518c8c81  Exception code: 0xc0000005  Fault offset: 0x00000000000e23d7
Faulting
 process id: 0x26e4  Faulting application start time: 0x01cf940c08122236  Faulting application
 path: C:\Program Files\Windows Media Player\wmpnetwk.exe  Faulting module path: C:\Windows\system32\wmp.dll
Report
 Id: b974c139-00ca-11e4-94f3-a0b3ccc2ff75
 
Error - 7/1/2014 7:43:33 AM | Computer Name = Janie | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
 time stamp: 0x4ce7ae7f  Faulting module name: wmp.dll, version: 12.0.7601.18150,
time stamp: 0x518c8c81  Exception code: 0xc0000005  Fault offset: 0x00000000000e23d7
Faulting
 process id: 0x1788  Faulting application start time: 0x01cf94d796b788d7  Faulting application
 path: C:\Program Files\Windows Media Player\wmpnetwk.exe  Faulting module path: C:\Windows\system32\wmp.dll
Report
 Id: ed469221-0114-11e4-94f3-a0b3ccc2ff75
 
Error - 7/2/2014 2:43:32 AM | Computer Name = Janie | Source = RpcNs | ID = 2
Description =
 
Error - 7/4/2014 3:41:25 AM | Computer Name = Janie | Source = Application Error | ID = 1000
Description = Faulting application name: WriteWay.exe, version: 1.9.0.4, time stamp:
 0x50523506  Faulting module name: msxml3.dll, version: 8.110.7601.18431, time stamp:
 0x5332e37c  Exception code: 0xc0000005  Fault offset: 0x0000735b  Faulting process id:
 0x2adc  Faulting application start time: 0x01cf975b13193644  Faulting application path:
 C:\Users\Public\Documents\WriteWay\WriteWay.exe  Faulting module path: C:\Windows\System32\msxml3.dll
Report
 Id: 991ca2d6-034e-11e4-94f3-a0b3ccc2ff75
 
Error - 7/4/2014 11:34:09 PM | Computer Name = Janie | Source = .NET Runtime | ID = 1026
Description =
 
Error - 7/5/2014 12:28:10 PM | Computer Name = Janie | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
 time stamp: 0x4ce7ae7f  Faulting module name: wmp.dll, version: 12.0.7601.18150,
time stamp: 0x518c8c81  Exception code: 0xc0000005  Fault offset: 0x00000000000e23d7
Faulting
 process id: 0x16b4  Faulting application start time: 0x01cf9521e639c4ca  Faulting application
 path: C:\Program Files\Windows Media Player\wmpnetwk.exe  Faulting module path: C:\Windows\system32\wmp.dll
Report
 Id: 59bf74d5-0461-11e4-94f3-a0b3ccc2ff75
 
Error - 7/7/2014 9:51:12 PM | Computer Name = Janie | Source = ESENT | ID = 455
Description = taskhost (3876) WebCacheLocal: Error -1811 occurred while opening
logfile C:\Users\Nikki\AppData\Local\Microsoft\Windows\WebCache\V010011A.log.
 
Error - 7/7/2014 9:52:12 PM | Computer Name = Janie | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 11/28/2012 3:07:07 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:13:17 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:26:46 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:28:08 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:29:14 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:29:52 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:32:21 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/28/2012 3:53:57 PM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/1/2012 11:38:03 AM | Computer Name = Janie | Source = HPSF.exe | ID = 4000
Description =
 
Error - 12/13/2012 11:50:53 AM | Computer Name = Janie | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3690
Ram
 Utilization: 40  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Software Framework Events ]
Error - 9/29/2012 10:37:25 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/09/29 10:37:25.220|00001698|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/3/2012 11:34:31 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/03 11:34:31.180|0000172C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/3/2012 11:34:43 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/03 11:34:43.960|00001640|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/6/2012 4:57:13 PM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/06 16:57:13.115|0000107C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/13/2012 10:33:30 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/13 10:33:30.521|00000E10|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/13/2012 10:35:26 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/13 10:35:26.230|00000D84|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/13/2012 10:35:34 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/10/13 10:35:34.127|00000E44|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/3/2012 10:56:39 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/11/03 10:56:39.659|00001A3C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/3/2012 10:59:33 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/11/03 10:59:33.593|00000C2C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/3/2012 10:59:42 AM | Computer Name = Janie | Source = CaslWmi | ID = 5
Description = 2012/11/03 10:59:42.143|00001898|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 7/3/2014 1:54:48 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symform
 Contribution Service service to connect.
 
Error - 7/3/2014 1:54:48 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7000
Description = The Symform Contribution Service service failed to start due to the
 following error:   %%1053
 
Error - 7/5/2014 12:29:21 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 30000 milliseconds: Restart the service.
 
Error - 7/6/2014 4:51:19 AM | Computer Name = Janie | Source = Service Control Manager | ID = 7034
Description = The Reimage Real Time Protection service terminated unexpectedly.
 It has done this 1 time(s).
 
Error - 7/7/2014 1:54:47 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symform
 Contribution Service service to connect.
 
Error - 7/7/2014 1:54:47 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7000
Description = The Symform Contribution Service service failed to start due to the
 following error:   %%1053
 
Error - 7/7/2014 9:20:06 PM | Computer Name = Janie | Source = DCOM | ID = 10010
Description =
 
Error - 7/7/2014 9:51:53 PM | Computer Name = Janie | Source = DCOM | ID = 10016
Description =
 
Error - 7/7/2014 9:51:54 PM | Computer Name = Janie | Source = DCOM | ID = 10016
Description =
 
Error - 7/7/2014 9:54:23 PM | Computer Name = Janie | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the IPBusEnum service.
 
 
< End of report >
 



#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 09 July 2014 - 04:20 PM

Good evening. :)
 

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    SRV:64bit: - [2013/11/07 12:37:50 | 005,084,008 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: []  File not found
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Files
    ipconfig /flushdns /c
    C:\Windows\Reimage.ini
    C:\Program Files\Reimage

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

 

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed it's run.

Note: Copies of the logs can be found in the  C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

 


So long, and thanks for all the fish.

 

 


#8 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 09 July 2014 - 07:19 PM

All processes killed
========== OTL ==========
Service ReimageRealTimeProtection stopped successfully!
Service ReimageRealTimeProtection deleted successfully!
C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nikki\Downloads\cmd.bat deleted successfully.
C:\Users\Nikki\Downloads\cmd.txt deleted successfully.
C:\Windows\Reimage.ini moved successfully.
C:\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\Reimage\Reimage Repair folder moved successfully.
C:\Program Files\Reimage folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nikki
->Temp folder emptied: 6764448 bytes
->Temporary Internet Files folder emptied: 1021256 bytes
->Java cache emptied: 975389 bytes
->FireFox cache emptied: 375782352 bytes
->Google Chrome cache emptied: 215941978 bytes
->Flash cache emptied: 76397 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2304446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304013 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 615.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Nikki
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07092014_173900
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Nikki\AppData\Local\Temp\ShipWorks\3328284c0de240dd84e74b86de24d3b9\running.lock not found!
C:\Users\Nikki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nikki\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_JANIE$\1188 not found!
C:\Windows\temp\jna2459451379350478457.dll moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 10 July 2014 - 11:00 AM

Good evening. :)

Take the PC for a spin and tell me if the problem has been resolved.


So long, and thanks for all the fish.

 

 


#10 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 11 July 2014 - 01:33 PM

Hi

 

The PC is a bit faster but reimage repair still shows up when I search for it.



#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 11 July 2014 - 02:24 PM

but reimage repair still shows up when I search for it.

 

 

I don't understand what you are doing here - searching in what way?


So long, and thanks for all the fish.

 

 


#12 niknik

niknik
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:29 PM

Posted 11 July 2014 - 08:02 PM

I'm attaching a screenshot.  I know the files in the OTL Moved Files will be deleted, but there's still a few others left behind.  Can I delete those safely, or will it come back??reimagesearch1.png



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 12 July 2014 - 11:45 AM

Good evening. :)

I assume that the original problem of the pop-up has been resolved? As I can't see your PC I am reliant on what you tell me and you haven't mentioned that.

 

There's nothing there that you shouldn't be able to manually delete as they are just leftovers that shouldn't cause any problems. Obviously you'll know better when you try to delete them, but I don't expect any issues. Let me know how you get on and how the PC is doing.


So long, and thanks for all the fish.

 

 


#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:29 PM

Posted 17 July 2014 - 11:31 AM

Or alternatively don't post again and i'll close the thread.

 

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users