Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16
  1. #11
    Member
    Join Date
    Jan 2013
    Posts
    7
    Points
    0

  2. #12
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Hi cath555,

    Very good! Thank you. I see Google Earth is quite the beast amongst other things that is taking up space. I'm going to have you install yet another program to get the full picture here before we do attempt to remove items to gain some space. If you may uninstall WinDirStat if you'd like. We will no longer need that.

    Please download OTL to your Desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #13
    Member
    Join Date
    Jan 2013
    Posts
    7
    Points
    0

    Default

    OTL logfile created on: 1/30/2013 10:38:04 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cathy\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 59.94% Memory free
    2.99 Gb Paging File | 1.42 Gb Available in Paging File | 47.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.29 Gb Total Space | 61.41 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
    Drive D: | 11.37 Gb Total Space | 1.00 Gb Free Space | 8.80% Space Free | Partition Type: NTFS

    Computer Name: CATHY-HP | User Name: cathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/30 10:37:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cathy\Downloads\OTL (2).exe
    PRC - [2013/01/08 14:17:43 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    PRC - [2013/01/01 13:40:32 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    PRC - [2012/12/02 12:41:52 | 000,635,264 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
    PRC - [2012/10/21 15:52:45 | 000,107,520 | ---- | M] () -- C:\Users\cathy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    PRC - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    PRC - [2011/10/05 12:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
    PRC - [2011/08/12 11:07:58 | 000,287,488 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
    PRC - [2011/08/12 11:07:58 | 000,103,136 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
    PRC - [2011/08/12 11:07:56 | 000,421,376 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
    PRC - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/11/20 21:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    MOD - [2011/09/13 16:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/06/15 09:10:43 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/08 14:17:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/02 12:41:52 | 000,635,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
    SRV - [2012/10/21 15:52:45 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\cathy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
    SRV - [2011/08/12 11:07:58 | 000,287,488 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
    SRV - [2011/08/12 11:07:56 | 000,421,376 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe -- (Fix-It Utilities Task Manager)
    SRV - [2010/11/26 08:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
    DRV:64bit: - [2011/08/12 11:07:58 | 000,017,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AQFileRestore.sys -- (AQFileRestore)
    DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV:64bit: - [2011/06/16 03:41:55 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2011/06/15 09:24:54 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/06/15 09:24:52 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/06/15 09:11:03 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/06/15 09:11:01 | 009,358,336 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/06/09 07:19:24 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm036^YY^us&si=pd&ptb=31E0EE5A-D8D1-4DF4-8069-A05AAB4300A0&ind=2013012903&n=77fc23a7&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home - Welcome to CenturyLink
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=116262&tt=4812_6&babsrc=SP_ss&mntrId=42ff6bfa000000000000008ef27bc809
    IE - HKCU\..\SearchScopes\{280C9A2D-40F6-4342-9E1C-1E7EB4C4FE4F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYYYUS&apn_uid=d94a07ba-c40d-4455-b5a3-694874f462af&apn_sauid=7E1F9F2F-378D-44F4-BB56-446C6DFF6BF5
    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{7569D82A-612E-482A-8822-ED7F4DBA3E5E}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
    IE - HKCU\..\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm036^YY^us&si=pd&ptb=31E0EE5A-D8D1-4DF4-8069-A05AAB4300A0&ind=2013012903&n=77fc23a7&psa=&st=sb&searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{9B7B7DB5-BC63-4A55-89E4-3DB7FC5EF3CA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121043,17118,0,18,0
    IE - HKCU\..\SearchScopes\{BC09F015-F5E4-4834-AA62-BB6275440209}: "URL" = http://ws.infospace.com/gamers_brw/ws/redir?_iceUrl=true&user_id=%userid&tool_id=%toolid&qkw={searchTerms}
    IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKCU\..\SearchScopes\{E114D024-097E-41A0-9412-FD9F84831DA8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/25 20:43:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@vshsolutions.com: C:\Users\cathy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2012/12/02 12:47:25 | 000,000,000 | ---D | M]

    [2012/12/02 12:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cathy\AppData\Roaming\Mozilla\Extensions
    [2012/12/02 12:47:25 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\cathy\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Norton Identity Protection = C:\Users\cathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\cathy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (CenturyLink Toolbar) - {83453B9B-B889-4659-9144-20F081542BDC} - C:\Program Files (x86)\centurytoolbar\centurytoolbarDx.dll ()
    O2 - BHO: (Swiki_IE) - {A2B6C1C5-ACDE-415E-A965-9FCB42E95952} - C:\Program Files (x86)\Swiki_IE\ScriptHost.dll (Swiki)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (CenturyLink Toolbar) - {83453B9B-B889-4659-9144-20F081542BDC} - C:\Program Files (x86)\centurytoolbar\centurytoolbarDx.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Co...IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B130B83-C9C2-48EE-9AFF-1377B736EDAD}: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{569DE92F-1408-4075-80C7-44C71A181425}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\25912~1.8\{16cdf~1\pcpmngr.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{845340a6-1bd6-11e2-97a0-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{845340a6-1bd6-11e2-97a0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/28 17:12:12 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2013/01/28 17:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
    [2013/01/28 17:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
    [2013/01/28 16:44:47 | 000,000,000 | ---D | C] -- C:\Users\cathy\Documents\Add-in Express
    [2013/01/28 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
    [2013/01/28 15:58:09 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
    [2013/01/26 20:26:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/26 19:43:09 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Roaming\Roxio Log Files
    [2013/01/25 17:45:51 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Local\AVG Secure Search
    [2013/01/25 17:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2013/01/25 17:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/01/25 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Roaming\Nico Mak Computing
    [2013/01/25 17:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
    [2013/01/21 14:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
    [2013/01/20 13:29:14 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/20 13:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/01/20 13:28:52 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccSetx64.sys
    [2013/01/20 13:28:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
    [2013/01/20 13:28:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1402000.013
    [2013/01/20 13:28:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2013/01/20 13:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2013/01/20 13:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2013/01/19 17:55:51 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Roaming\Systweak
    [2013/01/19 17:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2013/01/19 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2013/01/19 17:53:30 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Local\Coupon Companion Plugin
    [2013/01/13 17:52:10 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Local\ElevatedDiagnostics
    [2013/01/11 19:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies
    [2013/01/10 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Local\Zoom_Downloader
    [2013/01/10 18:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [2013/01/10 18:34:02 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Local\Shopping Sidekick Plugin
    [2013/01/10 18:18:21 | 000,000,000 | ---D | C] -- C:\Users\cathy\AppData\Roaming\SmartDraw

    ========== Files - Modified Within 30 Days ==========

    [2013/01/30 10:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/30 09:45:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/30 08:33:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_cathy.job
    [2013/01/29 23:11:40 | 000,178,672 | ---- | M] () -- C:\Users\cathy\Documents\screenshot2.png
    [2013/01/29 23:01:58 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/29 23:01:58 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/29 17:53:16 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/29 17:53:16 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/29 17:53:16 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/29 17:51:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/29 17:51:21 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_cathy.job
    [2013/01/29 17:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/29 17:50:17 | 2093,912,064 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/29 11:24:28 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcathy.job
    [2013/01/29 02:20:09 | 000,177,092 | ---- | M] () -- C:\Users\cathy\Documents\screenshot.png
    [2013/01/28 19:29:02 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_cathy.job
    [2013/01/28 17:12:12 | 000,001,033 | ---- | M] () -- C:\Users\cathy\Desktop\WinDirStat.lnk
    [2013/01/28 16:11:59 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/26 21:29:25 | 000,006,832 | ---- | M] () -- C:\bootsqm.dat
    [2013/01/25 17:44:45 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer.job
    [2013/01/20 13:29:14 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2013/01/11 09:33:44 | 000,000,187 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
    [2013/01/09 03:29:56 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    [2013/01/29 23:11:40 | 000,178,672 | ---- | C] () -- C:\Users\cathy\Documents\screenshot2.png
    [2013/01/29 02:20:08 | 000,177,092 | ---- | C] () -- C:\Users\cathy\Documents\screenshot.png
    [2013/01/28 17:12:12 | 000,001,033 | ---- | C] () -- C:\Users\cathy\Desktop\WinDirStat.lnk
    [2013/01/26 21:29:25 | 000,006,832 | ---- | C] () -- C:\bootsqm.dat
    [2013/01/25 17:44:45 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\Registry Optimizer.job
    [2013/01/20 13:28:34 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccSetx64.inf
    [2013/01/20 13:28:33 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccSetx64.cat
    [2013/01/20 13:28:33 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.cat
    [2013/01/11 09:33:44 | 000,000,187 | ---- | C] () -- C:\Windows\SysWow64\userawacs.cfg
    [2012/11/28 19:24:04 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2011/08/31 22:57:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/08/31 22:46:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/06/21 01:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/06/07 23:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/02/11 11:15:43 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/25 18:11:36 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\Avanquest
    [2012/12/20 12:38:43 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\AVG2013
    [2012/12/02 12:44:56 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\Babylon
    [2012/12/04 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\BitZipper
    [2012/12/04 11:19:00 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\Blio
    [2012/10/21 15:52:45 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\DefaultTab
    [2013/01/25 17:44:44 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\Nico Mak Computing
    [2012/12/04 11:09:29 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\PerformerSoft
    [2013/01/10 18:21:12 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\SmartDraw
    [2012/12/02 12:47:24 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\SpecialSavings
    [2013/01/19 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\Systweak
    [2012/12/20 12:37:54 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\TuneUp Software
    [2012/10/28 07:42:41 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\WeatherBug
    [2012/12/09 00:01:00 | 000,000,000 | ---D | M] -- C:\Users\cathy\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    < End of report >
    OTL Extras logfile created on: 1/30/2013 10:38:04 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cathy\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 59.94% Memory free
    2.99 Gb Paging File | 1.42 Gb Available in Paging File | 47.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 454.29 Gb Total Space | 61.41 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
    Drive D: | 11.37 Gb Total Space | 1.00 Gb Free Space | 8.80% Space Free | Partition Type: NTFS

    Computer Name: CATHY-HP | User Name: cathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04129791-FB5C-44C0-8A12-B70BEA80F0A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{06D6B646-E8DC-4062-B756-5D787C5B0A94}" = lport=138 | protocol=17 | dir=in | app=system |
    "{0FF5D481-4FDB-43CB-8D61-24AB0D71ED4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2C4F743D-82FF-4E9E-AFB4-4066CB473ADB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{51957E90-85B4-432D-A336-DD5337AEA97D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5924F3DF-B6C8-4866-A870-4C84CB34BD5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5D2EC718-A192-4996-9DE1-F764F2411724}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6020C6FE-AF1F-4E84-B3F2-912C34F01CFB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7439B07A-43EB-4AC6-9119-97155A06A29D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{746E6A9C-CA26-4F52-920C-C8CCE1E105DA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7A467CAB-8C81-42B0-BF5A-A48A66A3B7F0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{7FE370A1-D51B-4FFE-8972-53498B19B275}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8ADE6D1E-B611-4592-B201-198E9D7D7290}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{98E9961C-F6E5-4563-AB6C-9E7566CCA9D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9D2220C2-4167-4135-A736-27787D84E56C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A81B75E9-6DF9-46B8-9DEA-206BCCC67D34}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{B655DDE7-0CEC-4DCA-9901-EBEEC34274F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{B985FF0B-D5CF-4930-BAAD-78DEF19AFC85}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C803E676-ED56-4988-86F7-D946C25AB152}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C99DD2AA-5E5E-4E17-86BB-030EF4682DD6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CF88BC79-2692-420B-A2FB-BC63E136B56B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D0545F59-86AC-42E3-A336-DA5CAAFB1DEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D45A4749-CAD5-4A37-A293-6B81C5524B3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DBAD3663-7F96-4203-A9B9-A50EC8398BF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E7920FD8-F003-4280-8B37-D44913E69341}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00916A73-727D-4892-BCE2-B44EC6F7C6A5}" = protocol=6 | dir=out | app=system |
    "{063381B7-85B2-4EB5-B3A9-D71E187B38B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0D2E676D-39ED-4165-9C91-DC4E99CC8E38}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{12C1A8F2-9697-46C9-968C-B5A362E576CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{16E22055-C585-47C8-A2F0-6014A9D78217}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1E8648FB-126C-4314-BA04-8E9E3585FB8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{205589E4-FCFD-4FA7-AF4B-4BCC5DAF3581}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{24E681A3-7D09-4D91-B642-237A914FE3A8}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{2F8F43E8-BDA6-49F9-B14A-1C0D5BE158DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{32E63DD0-3458-4B66-A552-C90B68778CD5}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{3E9A5250-0EDC-4F42-BAC3-766EF74E9618}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{3F5FBEB1-57E3-47FA-87E5-BB6AE269E248}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4EC54AB9-107B-415B-BB6A-5079D2A9209E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{58FF54C7-EC99-4619-BE49-4626E96EF957}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{5DC674E6-AEF0-444D-97D5-22046E45E6FC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{62A24980-BBDD-470B-AFBD-5B45FB0B1B76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{660860B7-C71C-4DB9-9283-72FC3530CD92}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{664D4D32-5C8C-4C30-9CC4-7582E33C36E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6C1638F0-62DD-477C-BC8C-F29204C0E871}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{707579BF-00A5-4B38-AE7E-EA15A71A1247}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
    "{7E99ECF8-FF6D-481A-85D7-241BF114E619}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7EAD2AE8-AAC8-4807-AAE0-C98157177ADF}" = dir=out | app=c:\users\cathy\appdata\local\microsoft\windows\temporary internet files\content.ie5\zxm3jhwq\pcperformersetup.exe |
    "{82BCE034-DA59-41D0-A46E-E4D1C6C20222}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{8DAB5E69-36F1-4017-99EE-B95575066422}" = dir=in | app=c:\users\cathy\appdata\local\microsoft\windows\temporary internet files\content.ie5\zxm3jhwq\pcperformersetup.exe |
    "{9AA90308-45B6-4F82-AA1B-9B61CB200190}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{A0442E0A-656A-4267-A947-9F344C325377}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{A04ECFA2-794A-4463-91E8-FB46A5A2F967}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{A663EFE2-2A09-45A1-AE69-0E6B3DB769D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{AA56C143-37EB-472D-B22B-5566B7DB8418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ABACDF62-BA52-4391-B33A-CEAC71674E3F}" = dir=out | app=c:\users\cathy\appdata\local\temp\ibtmp3f6c444\component_532.decrpt |
    "{AF4EB825-7683-4646-A80A-CB1A20E25A8F}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{B69AD87B-587E-4E7C-8066-DCD629753EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{BAC9D8EC-4A3C-456D-B7B1-871F5171DE8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CC75235A-4E85-4079-AE71-1812053A7BC6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CFA412C1-73B4-4B65-B6BE-3B827F00F639}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
    "{D44579D6-3B4D-4F08-B6DF-51B63361E4DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D64D718F-0621-4A92-A092-35B1739CD03A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D9F4F685-6A51-4CF7-80A6-D5B4F311AF03}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{DAE84FC9-305D-46AE-8F11-AC2EDD80F9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{DFC688FE-0358-46CB-96A1-6AF0CDFD1147}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E0A25086-E827-4164-A71F-C5531DF7E156}" = dir=in | app=c:\users\cathy\appdata\local\temp\ibtmp3f6c444\component_532.decrpt |
    "{EA2CE26E-F844-46B8-8721-933175728665}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
    "{EAE02206-B53A-41D5-AAE9-B4C729611610}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{F109A8B5-A747-454C-A8F5-0E87CE8327B5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{FA68D63E-4D0B-41EF-B755-34829AEEC3C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FAF73FC1-BAE2-4E36-8995-978E7141FD09}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{FD9DE20C-B642-4730-AAF5-767241E79741}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{85A5A208-1A5A-A736-170E-AA826BC19B2A}" = ATI Catalyst Install Manager
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{D7C661D9-1B9F-5C73-8A77-85A26D9DB78F}" = AMD Media Foundation Decoders
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
    "{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FEB70794-C52E-5ABC-10EF-8D1022A6A511}" = ccc-utility64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01542B68-DCFC-04B9-D105-A5BCDDFA7C34}" = CCC Help Turkish
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B30B8D2-9DE0-4EEC-AA68-8E1E77CD8322}" = Uninstall Helper
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{17737752-8324-7D51-D339-DBA6DE6D2DAA}" = AMD VISION Engine Control Center
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C986C5A-19DA-2744-9666-15A18FF0C2B9}" = CCC Help Korean
    "{3DB90277-3BA2-52D4-089F-F8A8E9EB3C93}" = CCC Help Hungarian
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B76743C-E56D-D33F-F7FA-6C3B305502E9}" = CCC Help Russian
    "{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities Professional
    "{5518148D-3C8D-1C59-86F5-8E3205C4B68E}" = CCC Help French
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{64F52262-3848-08B6-AE57-48AC337B1ABD}" = CCC Help Italian
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A951F56-EF9B-B3BA-7E9B-7ABDFAD6868F}" = CCC Help Danish
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80C1D83D-053C-D801-6961-426E095B7B8D}" = CCC Help Japanese
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8437B03F-5D2B-A8C6-CF2A-EF77D000D600}" = CCC Help Dutch
    "{84A1DD9A-9DCC-FB89-EC55-E4B609C3E328}" = CCC Help Polish
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86DB98B6-6B43-5C6A-0546-10FA3FF86D20}" = CCC Help Norwegian
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E9E8E4A-45DC-6AE8-C1A6-9CBB32D97E8F}" = CCC Help Chinese Standard
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{917EAE5D-B43E-FAD4-FEDD-044B860AA91A}" = CCC Help Finnish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980375A3-2C47-E490-B410-0B29EFCF7C4C}" = CCC Help English
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CA3CFD8-6082-231A-D9EE-F09A9342A1A4}" = CCC Help Chinese Traditional
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AD5D7F64-B818-0E00-A852-2A48CF415C02}" = Catalyst Control Center Graphics Previews Common
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BB27B53A-EBAE-5056-D7E4-295D875B7AA7}" = CCC Help Greek
    "{C0E23D8B-C7B9-8BB3-C6EA-23C193F6CA59}" = CCC Help Czech
    "{C1259093-7E15-7454-6696-1AF276CEBC1F}" = CCC Help Portuguese
    "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8A44325-B409-223A-EC28-898ABFACBBCE}" = CCC Help German
    "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0CAD049-58B6-2A20-0257-C5300E1AD390}" = Catalyst Control Center Localization All
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E800AF2C-A63D-52F2-4AF5-7D31B1BC87C8}" = CCC Help Thai
    "{EB298FF1-6F2E-56A6-CB3D-8A174D2FE011}" = CCC Help Spanish
    "{EB2DABBE-051B-764D-5CC2-428923F80789}" = CCC Help Swedish
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE678BB2-C794-65F3-1D4F-DB5173C66986}" = Catalyst Control Center InstallProxy
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "centurytoolbar" = CenturyLink Toolbar
    "DefaultTab" = DefaultTab
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Kobo" = Kobo
    "RealPlayer 15.0" = RealPlayer
    "Swiki_IE" = Swiki_IE
    "Swiki_is1" = Swiki version 1.0
    "Trusted Software Assistant_is1" = File Type Assistant
    "Uninstall Helper 2.0.0.0" = Uninstall Helper
    "Updater Service" = Updater Service
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0b046067-bea9-4628-8749-21629bed3262" = Slingo Supreme
    "WTA-129d46ae-ab33-4fe8-85d3-053253c1359d" = Bounce Symphony
    "WTA-32a3b3de-01f1-4b12-9483-14ff8cd7d75c" = Cake Mania
    "WTA-39cc8d7e-2c12-4a5c-9885-a573c34947aa" = Chronicles of Albian
    "WTA-44872df6-b3b4-44c4-972a-ece2a6f4c2a0" = Poker Superstars III
    "WTA-54755f19-ee6c-4db1-b392-b5b8132ba00b" = Blasterball 3
    "WTA-7e009e99-bf7a-4da7-8c73-a616fd8b1029" = Agatha Christie - Peril at End House
    "WTA-7f9e334c-dc0d-4390-b799-8be5d78bdd4a" = Farm Frenzy
    "WTA-86782925-e5d1-4286-9864-0d02418a728d" = Mystery of Mortlake Mansion
    "WTA-8ae5e46d-76c5-4b5f-8e42-04077814abda" = Zuma Deluxe
    "WTA-907908af-ad92-48d9-8e58-e8c505baa198" = Virtual Villagers 5 - New Believers
    "WTA-967eb080-2fc8-4305-8536-03b6eddfd7c0" = Polar Golfer
    "WTA-9888d5c3-4dca-4e54-9c3b-26c4c8a03823" = Governor of Poker 2 Premium Edition
    "WTA-9da1d162-c288-47ea-9de4-e64a292f06fe" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-a65373ce-9c11-4d8f-a290-29a5b442db23" = Vacation Quest - The Hawaiian Islands
    "WTA-aa0e0b4a-208f-4c47-a683-4269d939a9c1" = Plants vs. Zombies - Game of the Year
    "WTA-aad19bca-c42b-45f1-b5b7-79ff7a16c90e" = FATE
    "WTA-b633b028-573b-4b35-91d7-7c150819939a" = Polar Bowler
    "WTA-bb872e1f-732a-46bc-b949-26b1df21c446" = Chuzzle Deluxe
    "WTA-c60d79cb-5e8d-44bf-8803-7c74b9327352" = Namco All-Stars: PAC-MAN
    "WTA-cc27e778-46a7-406d-89f1-a1db4606a707" = Penguins!
    "WTA-cd9a500e-ac18-4f81-9f59-d32c438d5ff4" = Bejeweled 3
    "WTA-dbc4f2e1-7d53-478c-ac7b-3b40e9bd9aec" = Mah Jong Medley
    "WTA-f6df1d4e-4670-495b-9a03-a1c8ec21f989" = Blackhawk Striker 2
    "WTA-ffe82e4a-c336-4fd9-9b41-8fecf8404742" = Cradle of Rome 2
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/29/2013 3:22:28 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2774 Start
    Time: 01cdfe55b2d6670e Termination Time: 31 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 35b5b298-6a49-11e2-b171-008ef27bc809

    Error - 1/29/2013 3:25:06 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2564 Start
    Time: 01cdfe55faaf8fe4 Termination Time: 16 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 93be6eb6-6a49-11e2-b171-008ef27bc809

    Error - 1/29/2013 3:43:40 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1e1c Start
    Time: 01cdfe5660e4a592 Termination Time: 0 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 2ba53993-6a4c-11e2-b171-008ef27bc809

    Error - 1/29/2013 4:48:54 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2bb4 Start
    Time: 01cdfe5cf3a7e4c2 Termination Time: 15 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 46d8d5a8-6a55-11e2-b171-008ef27bc809

    Error - 1/29/2013 5:31:06 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 3848 Start
    Time: 01cdfe626adb66ed Termination Time: 0 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 2ad69955-6a5b-11e2-b171-008ef27bc809

    Error - 1/29/2013 5:58:27 PM | Computer Name = cathy-HP | Source = ESENT | ID = 482
    Description = wuaueng.dll (936) SUS20ClientDataStore: An attempt to write to the
    file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000)
    for 98304 (0x00018000) bytes failed after 0 seconds with system error 112 (0x00000070):
    "There is not enough space on the disk. ". The write operation will fail with
    error -1808 (0xfffff8f0). If this error persists then the file may be damaged and
    may need to be restored from a previous backup.

    Error - 1/29/2013 6:29:14 PM | Computer Name = cathy-HP | Source = ESENT | ID = 482
    Description = wuaueng.dll (936) SUS20ClientDataStore: An attempt to write to the
    file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000)
    for 98304 (0x00018000) bytes failed after 0 seconds with system error 112 (0x00000070):
    "There is not enough space on the disk. ". The write operation will fail with
    error -1808 (0xfffff8f0). If this error persists then the file may be damaged and
    may need to be restored from a previous backup.

    Error - 1/29/2013 7:48:24 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: eb4 Start
    Time: 01cdfe747d169b17 Termination Time: 31 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 59ae99f6-6a6e-11e2-8e35-008ef27bc809

    Error - 1/29/2013 9:05:38 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1fe4 Start
    Time: 01cdfe84a0cdb2e9 Termination Time: 0 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 25add0ca-6a79-11e2-a868-008ef27bc809

    Error - 1/29/2013 9:15:51 PM | Computer Name = cathy-HP | Source = Application Hang | ID = 1002
    Description = The program windirstat.exe version 1.1.2.80 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 17a0 Start
    Time: 01cdfe85ec117f40 Termination Time: 16 Application Path: C:\Program Files (x86)\WinDirStat\windirstat.exe

    Report
    Id: 9413f441-6a7a-11e2-a868-008ef27bc809

    [ Hewlett-Packard Events ]
    Error - 1/26/2013 6:33:07 PM | Computer Name = cathy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at interop.Scheduler.ITaskFolder.RegisterTaskDefinition(String
    Path, ITaskDefinition pDefinition, Int32 flags, Object UserId, Object password,
    _TASK_LOGON_TYPE LogonType, Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
    isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
    _TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Message: File
    not created by asset agent StackTrace: at interop.Scheduler.ITaskFolder.RegisterTaskDefinition(String
    Path, ITaskDefinition pDefinition, Int32 flags, Object UserId, Object password,
    _TASK_LOGON_TYPE LogonType, Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
    isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
    _TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Source: interop.Scheduler

    Name:
    hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\hpsa_service.exe Format: en-US RAM: 2662 Ram Utilization: 80 TargetSite:
    interop.Scheduler.IRegisteredTask RegisterTaskDefinition(System.String, interop.Scheduler.ITaskDefinition,
    Int32, System.Object, System.Object, interop.Scheduler._TASK_LOGON_TYPE, System.Object)


    Error - 1/26/2013 6:40:28 PM | Computer Name = cathy-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2147024784hpsa_service.exe at interop.Scheduler.ITaskFolder.RegisterTaskDefinition(String
    Path, ITaskDefinition pDefinition, Int32 flags, Object UserId, Object password,
    _TASK_LOGON_TYPE LogonType, Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
    isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
    _TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Message: There
    is not enough space on the disk. (Exception from HRESULT: 0x80070070) StackTrace:
    at interop.Scheduler.ITaskFolder.RegisterTaskDefinition(String Path, ITaskDefinition
    pDefinition, Int32 flags, Object UserId, Object password, _TASK_LOGON_TYPE LogonType,
    Object sddl) at HP.SupportFramework.Service.Scheduler.TaskScheduler.createTask(Boolean
    isAdmin, String strName, String strDescription, String strStartTime, Int16 shrDOW,
    _TASK_TRIGGER_TYPE2 trigType, String strExePath, String strExeArgs) Source: interop.Scheduler

    Name:
    hpsa_service.exe Version: 07.00.00.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\hpsa_service.exe Format: en-US RAM: 2662 Ram Utilization: 80 TargetSite:
    interop.Scheduler.IRegisteredTask RegisterTaskDefinition(System.String, interop.Scheduler.ITaskDefinition,
    Int32, System.Object, System.Object, interop.Scheduler._TASK_LOGON_TYPE, System.Object)


    [ Media Center Events ]
    Error - 12/9/2012 5:18:48 AM | Computer Name = cathy-HP | Source = MCUpdate | ID = 0
    Description = 3:18:43 AM - Error connecting to the internet. 3:18:43 AM - Unable
    to contact server..

    Error - 12/9/2012 6:19:00 AM | Computer Name = cathy-HP | Source = MCUpdate | ID = 0
    Description = 4:18:58 AM - Error connecting to the internet. 4:18:58 AM - Unable
    to contact server..

    Error - 12/9/2012 7:19:11 AM | Computer Name = cathy-HP | Source = MCUpdate | ID = 0
    Description = 5:19:08 AM - Error connecting to the internet. 5:19:08 AM - Unable
    to contact server..

    Error - 12/9/2012 8:19:26 AM | Computer Name = cathy-HP | Source = MCUpdate | ID = 0
    Description = 6:19:22 AM - Error connecting to the internet. 6:19:22 AM - Unable
    to contact server..

    [ System Events ]
    Error - 1/29/2013 4:24:03 AM | Computer Name = cathy-HP | Source = DCOM | ID = 10016
    Description =

    Error - 1/29/2013 1:22:36 PM | Computer Name = cathy-HP | Source = DCOM | ID = 10010
    Description =

    Error - 1/29/2013 1:22:49 PM | Computer Name = cathy-HP | Source = Service Control Manager | ID = 7034
    Description = The Fix-It Utilities Process Monitor service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/29/2013 5:54:39 PM | Computer Name = cathy-HP | Source = DCOM | ID = 10010
    Description =

    Error - 1/29/2013 5:54:51 PM | Computer Name = cathy-HP | Source = Service Control Manager | ID = 7034
    Description = The Fix-It Utilities Process Monitor service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/29/2013 6:58:31 PM | Computer Name = cathy-HP | Source = DCOM | ID = 10010
    Description =

    Error - 1/29/2013 6:58:40 PM | Computer Name = cathy-HP | Source = Service Control Manager | ID = 7034
    Description = The Fix-It Utilities Process Monitor service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/29/2013 7:07:46 PM | Computer Name = cathy-HP | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 1/29/2013 7:49:19 PM | Computer Name = cathy-HP | Source = DCOM | ID = 10010
    Description =

    Error - 1/29/2013 7:49:23 PM | Computer Name = cathy-HP | Source = Service Control Manager | ID = 7034
    Description = The Fix-It Utilities Process Monitor service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >

  4. #14
    Member
    Join Date
    Jan 2013
    Posts
    7
    Points
    0

    Default

    hope i did that right

  5. #15
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Hi cath555,

    Yes! You did that very well!

    We need to delete the Google Earth folder. Google Earth may have been uninstalled but there is a folder left over we need to find and get rid of. Please follow the file path below to remove the Google Earth folder:

    Click on Start > Computer > Program Files (x86) > Google > Google Earth and right click on the Google Earth folder to delete it, if found.

    Next:
    • Click on Start > Control Panel > Folder Options.
    • Under Folder Options click on the View tab.
    • Under the View tab > Advanced Settings look for Hidden files and folders and under that click on the little dial button to the left of Show hidden files, folders and drives. Next click on Apply > OK.


    Below is an image that might help:



    Next:

    Once you have completed the above task, please follow the file path below to find the Google Earth folder in the AppData folder:

    Click on Start > Computer > Local Disk C: > Users > cathy > AppData > LocalLow > Google > Google Earth

    Right click and delete only the Google Earth folder.

    That should free up tons of space. Let me know if you are still receiving the harddrive is full message.


    If I may add, you have many undesirable programs on your computer. Some are registry cleaners, many are toolbars and browser helper objects that can slow your computer down. Some are even considered spyware!

    I also see that you have indications of Norton Internet Security and AVG 2013 on your computer though I do not see either of them running in realtime protecting you. They both look like they might have been uninstalled.

    I'd be more than happy to help you further if you would allow me to. In this day and age, having no active AnitVirus running in realtime is not good at all!

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  6. #16
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,524
    Points
    563

    Default

    Hi cath555,

    Is everything ok? Do you still need help?

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

Page 2 of 2 FirstFirst 12