1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

ads and music play in back ground

Discussion in 'Virus & Other Malware Removal' started by Tzil, Jan 13, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Tzil

    Tzil Thread Starter

    Joined:
    Jan 13, 2013
    Messages:
    2
    I am running windows 7 and I am getting adds and music playing in the background. I am including several logs. assuming I attached them correctly
    View attachment hijackthis.log

    View attachment dds.txt

    View attachment ark.txt


    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/28/2011 10:10:52 PM
    System Uptime: 1/13/2013 9:08:02 AM (1 hours ago)
    .
    Motherboard: FOXCONN | | 2AB7
    Processor: AMD Phenom(tm) II X2 511 Processor | CPU 1 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 685 GiB total, 611.542 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.629 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP490: 1/7/2013 3:00:11 AM - Windows Update
    RP491: 1/8/2013 3:00:11 AM - Windows Update
    RP492: 1/9/2013 3:00:12 AM - Windows Update
    RP493: 1/10/2013 3:00:15 AM - Windows Update
    RP494: 1/11/2013 3:00:12 AM - Windows Update
    RP495: 1/12/2013 3:00:12 AM - Windows Update
    RP496: 1/13/2013 3:00:13 AM - Windows Update
    RP497: 1/13/2013 9:32:46 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1
    Agatha Christie - Peril at End House
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Blender (remove only)
    Blio
    Bonjour
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Champions Online
    Chuzzle Deluxe
    CyberLink DVD Suite Deluxe
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Dropbox
    DVD Menu Pack for HP MediaSmart Video
    Escape Rosecliff Island
    Farm Frenzy
    FATE
    FileZilla Client 3.5.1
    Final Drive Nitro
    GIMP 2.6.11
    Google Chrome
    Google Update Helper
    GTK2-Runtime
    Heroes of Hellas 2 - Olympia
    HiJackThis
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Setup
    HP Setup Manager
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    Hulu Desktop
    iCloud
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Java(TM) 7 Update 2 (64-bit)
    Java(TM) SE Development Kit 7 Update 2 (64-bit)
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Kobo
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    NBOS Character Sheet Designer 1.01c
    Netflix in Windows Media Center
    Norton Internet Security
    Norton Online Backup
    PDF Complete Special Edition
    Penguins!
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PressReader
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    RoxioNow Player
    Search-Results Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Sharpener Pro 3.0
    Skype Click to Call
    Skype¬ô 5.10
    Spybot - Search & Destroy
    Steam
    System Requirements Lab CYRI
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/13/2013 9:12:00 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.
    1/13/2013 3:01:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).
    1/13/2013 3:01:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
    .
    ==== End Of File ===========================
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi Tzil,
    You have multiple Antivirus apps. We are removing Norton here.
    Java is presently a danger to your machine. You probably don't need it anyway.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Norton Internet Security
    Java Auto Updater
    Java(TM) 6 Update 25
    Java(TM) 7 Update 2 (64-bit)
    Java(TM) SE Development Kit 7 Update 2 (64-bit)
    HiJackThis
    Adobe Reader 9.1

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
    All versions numbered lower than 11.0.01 are vulnerable.
    Go HERE to download AdbeRdr11001_en_US.exe
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.
    On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button
    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • Right click the OTL icon and choose "Run as administrator" to run it.
    • Check the box at the top, labeled Include 64 bit scans
    • Check the boxes labeled :
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    Please post the contents of the logs on the forum. (Don't attach)
    askey127
     
  3. Tzil

    Tzil Thread Starter

    Joined:
    Jan 13, 2013
    Messages:
    2
    OTL Extras logfile created on: 1/14/2013 4:58:40 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.69% Memory free
    7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 613.55 Gb Free Space | 89.53% Space Free | Partition Type: NTFS
    Drive D: | 13.24 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 7.52 Gb Total Space | 0.05 Gb Free Space | 0.70% Space Free | Partition Type: FAT32

    Computer Name: SIMONBOT | User Name: Simon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2418360727-2180084498-202980910-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0535B4F3-5AE0-4418-A215-90C6E1DFFC10}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0E60A0D6-C7AC-4A45-9912-44BE34869A8D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{101112FA-6473-428F-BF75-C54030F986DA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{1BD611E0-2333-4586-B883-306B32F9F12A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2629A4D7-32A3-47C2-BE2F-7524A913633F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2B99E8EC-4DC0-4FC2-B7F2-6A34773F9D9D}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{2F5FA359-B38B-4CD1-86E3-FDD3B0B6F8A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{34D8F5D8-9C70-445F-9541-864D61E37CD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{399A1F3A-9861-418C-A261-82ED039E53DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{39FA5548-D77E-450F-B433-2FB01FB989C2}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3B1A4366-B3B5-4B7D-ABF4-02279CACC2DB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3B55DCE6-07B1-4165-9126-24CF63D05853}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3E14E702-D1AF-4256-AE95-9DF6BF6CF530}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3F688022-DBB3-43B8-8E84-EDFA97F7FB69}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4295D490-318E-4B60-9D2E-1431359A332D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{485A38AE-DB67-49D5-B78B-9AC274258814}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5486D6AC-FC0E-474E-A11A-0E6E532D564D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{5916BFC6-A900-4E66-B136-618378C10143}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5D944D9E-1920-41BA-976C-D8992A090BA5}" = rport=137 | protocol=17 | dir=out | app=system |
    "{68CF678B-E3C4-4F03-B5DE-8FBD2F48B243}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{71D75A63-B008-4314-AA6D-E3A364D9F6AE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{72C307FB-6286-44EB-BA45-C8250633D5D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{77881C5E-F4A7-44E9-87D3-92E1976FA44C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8490D227-E2C3-421C-B721-C6717BB5AEC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{85E54BFD-5697-43F3-A3EB-A1875B64A64E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8C7D0969-3872-47DD-88E3-8E5B64B2DE56}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8CCF9B4E-A6D8-4DFE-818F-AD72B2CB2D4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8E158C63-9741-4204-B810-2989992E0485}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{9349C15D-85CA-4FDD-B6FC-77F60ADC42BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9FF36A21-09C3-4964-9885-05D172BA417A}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{A468009F-A131-4305-A711-22AF2F9388DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A4D73523-A21A-4783-96F4-796A56B0EE95}" = rport=139 | protocol=6 | dir=out | app=system |
    "{ACAE3160-EBA8-49C8-8605-007666167E09}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B2E9A0AA-5044-4213-96BE-53EF86CC180A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{B434D833-4562-452E-BC36-F04B8F4BD3AF}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B6AE4509-2784-4B34-AAB5-8770C410CB9D}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{C186EABC-5BF1-4D65-91D1-EC634A071FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{C76589AA-3DAD-46AF-9621-C5C947571AF4}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{C885B90E-3C0B-49C6-8BEB-A7443E0CDF50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE235BFD-2013-4ED8-9B2E-69FC796E16E4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D300D021-6FA0-4116-BB94-88A337B62B0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D33FE461-3C19-4C89-A935-1265ECAA63AF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D6F512CD-740C-4368-AB95-2958CABCE54F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D9F2570B-D2EA-463C-BED3-D11F3EE189E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DDCAF8EA-2EC2-410F-9A59-81917FAAB63F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E6B813A5-87BD-416E-A2E0-79A18C7964A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E76AFBD2-7512-43DB-9441-53DEC4F62FE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EE0BF3FF-6044-4726-ADB6-0F740FC350A5}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{FFEC957E-1866-4D4E-97B5-8F2F1B3176BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0482ABFF-2998-4DCE-BDCD-F80053DFE7D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0E936DAB-3167-415D-A2B9-B33BEBCB61EA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{139CA8E4-7705-4967-A11D-D23469746ECF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{1B1E8D1F-3D16-4F9F-BF7D-87189B82ED15}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{1EC8FB7D-5F47-4BB2-A195-A598636B2891}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{205E947B-6335-4EA9-AB40-B647FF295BE6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{20C397B7-DD50-42C0-8DE4-D9DDB76F2541}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
    "{281E5309-7472-440B-ADF2-BA589E2DB647}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{39085521-A115-4EF4-9ECD-D79D257318B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{3B200CF7-B8BC-49EC-B756-A46CD42BCA1A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{3EB40AF7-E4B8-4A9A-A087-69A0B4C0F06D}" = protocol=1 | dir=in | [email protected],-28543 |
    "{47014F46-F424-45C5-AA3F-83B75F431C58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{4CC74FD5-F1D6-4A60-8E5A-6C74C2B714E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{50651914-D7F0-4B86-A794-944486A2C52A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{5B50F7DA-4F46-47BC-99AF-EE11C6778E13}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{606BFBF7-2142-4CAD-A93A-97904CBE4CFF}" = protocol=6 | dir=out | app=system |
    "{6344B549-57A8-4011-9826-91AEABECD8B6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{645730AA-8D76-49DB-9C57-D99F19EE4A13}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{687D6FF6-578E-4E35-A66D-0AF74FC89C14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{71B1F395-4E7D-457B-AE0A-33FCBDC02296}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{79466588-90B4-4619-A559-3764B9451567}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7A5D85E3-43D3-406D-B11F-5A4BE8116E92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7CAC4E33-B7BF-4B0F-B860-5DE0CA79A9E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7CDA4135-BB80-4096-A55E-BECDA80AAB60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7F8085B6-97B9-4989-80EA-572304E6BBA7}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{82F4829A-AC74-43F8-B16C-98FCDE67B008}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{8480199B-DD4B-4552-9C4D-0D691CF0F010}" = protocol=58 | dir=out | [email protected],-28546 |
    "{87915FF9-29AC-46C9-B1E6-249E1EB20818}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{8971F02D-1D1D-40EB-94FA-6FE9E55A0984}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{8D7BF498-F6EA-4E85-A8ED-223264DBAA24}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{8F4902F8-B3D5-4495-9A1A-E4A67B7E0BEE}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
    "{8FB30FE7-155A-40FA-B7C6-8B40255A617F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{92C00613-29C1-4465-8A99-8624BD1ED29F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{9F594215-BEC2-46F9-867E-D561E6106BF8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A08EE009-207E-4445-86EC-9570FA081E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A86485C2-555E-41A5-81A1-FDFBD5073969}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B1C73EBF-1B89-44A5-BDB7-53DEB3587877}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B8200682-7C2B-4358-8439-68A946908F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{BA0FA99D-7FB6-4278-90F1-FA22057255B5}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{BA5E7DE3-8CAF-434E-83DA-225974B0FDA7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{BE4394C4-32A3-42C5-8652-87C1DBE129AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C1AB6C14-D871-4DCA-9F17-87ED475C673B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{C37ED4C2-55DC-460F-BA4A-06DF328B70AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C472C500-38B6-48F5-A1EF-243EDF5DB3ED}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{C4F4A762-015A-4293-B05F-7CC61494D359}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{C5777E6C-BB35-4E4D-9946-8CD77EA567FE}" = protocol=58 | dir=in | [email protected],-28545 |
    "{CB5982E5-5E08-4CD5-A1E1-60FE98FC0DAF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{CB5CE4C7-C4CB-4E99-8D4F-1E6C39253545}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D275C418-E1AA-45E7-84FC-027A46488448}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D275E2C0-D2B2-44AC-A6A5-91716F704B0D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D513AFC5-A3EF-4F28-B8C5-2363D10F11AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D566A35F-B751-4EF5-846F-F37C664CA1CD}" = protocol=1 | dir=out | [email protected],-28544 |
    "{DBAFA4E9-D826-40C9-A891-804AF85D19B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{E1963246-7021-418A-8BF1-631458CFB50C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E1D8C3FA-9900-4CB5-8B85-17C81248265B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{E27D0FF2-4C6B-482D-97CE-186BABC5FFD5}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{E7C9016B-1EC8-4A32-9141-3F057CBC873B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F617BB22-3BD7-461E-B17E-2388C6A3BCBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F804A136-B7D9-401B-95C5-A5FDE61F2A28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FAD6ED73-3C63-4335-B81B-57B0A5723280}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "TCP Query User{07E3D478-2666-4D5D-8DB6-8A94B530CE73}C:\program files (x86)\cheat engine 6.2\cheatengine-x86_64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cheat engine 6.2\cheatengine-x86_64.exe |
    "TCP Query User{21EF964B-155C-4A98-8C91-AE90313890AA}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe |
    "TCP Query User{4A99FFDC-21B5-446C-82EC-6CDC4B250630}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
    "TCP Query User{561C7D08-6F01-4FBA-8986-AD888B576851}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
    "TCP Query User{C286E972-7689-4187-BB28-0D8B0694F1C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{D07BF3DC-8CA5-45DC-A8D6-B644B1E608D5}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{DC11267B-E3D1-4995-BCB4-3065CCE3A5BD}C:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{DD564A8A-51CA-40EF-B329-9B92F6886D67}C:\users\simon\downloads\championsonlinef2p.exe" = protocol=6 | dir=in | app=c:\users\simon\downloads\championsonlinef2p.exe |
    "UDP Query User{050A440A-4770-45C0-B827-80C40C330803}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{094A8ED1-FE74-430F-A4CA-9C642B05C649}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
    "UDP Query User{36F76CDC-3D32-4D65-BCE9-74B8025339D8}C:\users\simon\downloads\championsonlinef2p.exe" = protocol=17 | dir=in | app=c:\users\simon\downloads\championsonlinef2p.exe |
    "UDP Query User{3F8ADCFD-526C-4B03-9CCC-9D0CCD1988DA}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{6D3D7347-C7E7-4001-BF1B-C9F493D836AE}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe |
    "UDP Query User{96C24D33-42CC-475C-A246-55871D7D8CB9}C:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{ABE49E8C-AF2C-4B82-86E3-B1C01E265AE9}C:\program files (x86)\cheat engine 6.2\cheatengine-x86_64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cheat engine 6.2\cheatengine-x86_64.exe |
    "UDP Query User{D5D6D839-4DF5-4007-8456-CC3C93D81FEF}C:\users\public\games\cryptic studios\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\champions online\live\gameclient.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype&#8482; 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "Blender" = Blender (remove only)
    "Champions Online" = Champions Online
    "FileZilla Client" = FileZilla Client 3.5.1
    "Google Chrome" = Google Chrome
    "GTK2-Runtime" = GTK2-Runtime
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NBOS Character Sheet Designer_is1" = NBOS Character Sheet Designer 1.01c
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Sharpener Pro 3.0" = Sharpener Pro 3.0
    "WildTangent hp Master Uninstall" = HP Games
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2418360727-2180084498-202980910-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "HuluDesktop" = Hulu Desktop

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/13/2012 8:06:23 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/13/2012 8:07:59 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/15/2012 4:55:58 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/15/2012 4:57:29 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/16/2012 11:30:10 PM | Computer Name = Simonbot | Source = Microsoft Office 14 | ID = 2001
    Description =

    Error - 12/18/2012 2:30:19 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/18/2012 2:31:24 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/19/2012 2:30:19 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/19/2012 2:31:24 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 12/20/2012 2:30:16 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 12/20/2012 2:31:24 AM | Computer Name = Simonbot | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ Hewlett-Packard Events ]
    Error - 5/12/2012 5:27:23 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/12/2012 5:27:24 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/19/2012 5:08:55 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 80 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 5/19/2012 5:08:59 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 80 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 6/2/2012 5:47:03 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 6/2/2012 5:47:04 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 10/13/2012 5:16:36 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/20/2012 5:59:32 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 60 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 10/27/2012 5:12:12 PM | Computer Name = Simonbot | Source = hpsa_service.exe | ID = 2000
    Description =

    Error - 10/27/2012 5:13:09 PM | Computer Name = Simonbot | Source = HPSF.exe | ID = 4000
    Description =

    [ Spybot - Search and Destroy Events ]
    Error - 1/13/2013 12:21:09 PM | Computer Name = Simonbot | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 3/24/2012 4:00:35 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/25/2012 4:00:37 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/26/2012 4:00:39 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/27/2012 4:00:28 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/28/2012 4:00:58 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/29/2012 4:00:31 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/30/2012 4:00:29 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 3/31/2012 4:00:36 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 4/1/2012 4:00:40 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).

    Error - 4/2/2012 4:00:38 AM | Computer Name = Simonbot | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).


    < End of report >


    OTL logfile created on: 1/14/2013 4:58:40 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.69% Memory free
    7.50 Gb Paging File | 5.86 Gb Available in Paging File | 78.15% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 685.29 Gb Total Space | 613.55 Gb Free Space | 89.53% Space Free | Partition Type: NTFS
    Drive D: | 13.24 Gb Total Space | 1.63 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive G: | 7.52 Gb Total Space | 0.05 Gb Free Space | 0.70% Space Free | Partition Type: FAT32

    Computer Name: SIMONBOT | User Name: Simon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/14 16:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    PRC - [2013/01/04 16:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/06 14:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/09/06 14:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/09 10:04:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/21 03:20:58 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/05 00:59:05 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/06 14:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/09/06 14:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/09/06 14:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/09/06 14:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/09/06 14:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/09/06 14:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/08/13 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/08/13 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/07/21 21:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/06/06 21:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/12/05 10:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=...ByB0D0EtN0D0TzutBtDtCtCtDzztDzy&cr=1467069445
    IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1QzuyCyEtAtCyDtDtAyDyDyE0A0E0AtByB0D0EtN0D0TzutBtDtCtCtDzztDzy&cr=1467069445
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes,DefaultScope = {C7576B9D-B442-46bc-AF74-080A9E723E01}
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab.com/?q={searchTerms}&s=1&chnl=dcom&cd=2XzutBtN2Y1L1QzuyCyEtAtCyDtDtAyDyDyE0A0E0AtByB0D0EtN0D0TzutBtDtCtCtDzztDzy&cr=1467069445
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110708&user_guid=B454019F4E2840CEB9D86B3774C9D121&machine_id=5f759e7667266bb10735b3866d6757bf&browser=IE&os=win&os_version=6.1-x64-SP0
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYUS&apn_uid=6F71B3A0-3A19-40DB-9F9F-48BCBA2E8670&apn_sauid=B637230D-2CC8-446E-BC3B-3DA7B8328D6D
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Search-Results"
    FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
    FF - prefs.js..browser.search.order.1: "Search-Results"
    FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US New Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
    FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110708&user_guid=B454019F4E2840CEB9D86B3774C9D121&machine_id=5f759e7667266bb10735b3866d6757bf&browser=FF&os=win&os_version=6.1-x64-SP0&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/28 20:16:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 17:25:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 17:25:48 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/04/28 21:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
    [2012/11/20 19:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions
    [2012/11/20 19:20:00 | 000,000,000 | ---D | M] (ShopToWin16) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\{f1e6d946-6b44-4f3a-8c4b-e497675c8e17}
    [2012/04/09 16:23:34 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\[email protected]
    [2011/10/19 15:48:50 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\[email protected]
    [2011/07/07 22:36:57 | 000,000,000 | ---D | M] ("Search-Results Toolbar") -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\[email protected]
    [2012/03/14 02:38:24 | 000,004,728 | ---- | M] () (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\[email protected]
    [2012/03/27 18:57:41 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
    [2011/07/07 22:33:57 | 000,002,264 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\searchplugins\bing-zugo.xml
    [2012/10/23 15:54:26 | 000,000,927 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\searchplugins\conduit.xml
    [2011/08/09 17:12:16 | 000,005,425 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\searchplugins\Foxtab Web Search.xml
    [2011/07/07 10:25:24 | 000,003,361 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\searchplugins\search-results.xml
    [2013/01/10 17:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/10 17:25:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/10 17:25:47 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/19 20:24:59 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/10/03 15:37:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2012/10/13 11:14:15 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://search.babylon.com/?affID=10...HP_ss&mntrId=327a27de0000000000001c659daa574b
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\2.bin\NPFunWeb.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: avast! WebRep = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
    CHR - Extension: Skype Click to Call = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/03/01 20:55:11 | 000,000,855 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 94.63.147.17 www.bing.com
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
    O3 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\.DEFAULT..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\yvfpemrj.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\yvfpemrj.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\yvfpemrj.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\yvfpemrj.dll",DllRegisterServer File not found
    O4 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
    O4 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ekiga.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14DBC089-B22D-4323-B303-5084F3A4077E}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/14 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/01/14 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2013/01/14 16:52:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    [2013/01/13 10:00:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Simon\Desktop\dds.scr
    [2013/01/13 09:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/01/13 09:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/01/13 09:41:29 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/01/13 09:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/01/13 09:09:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
    [2013/01/11 19:27:41 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Caitrin costume!
    [2013/01/10 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/09 12:08:21 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/01/09 12:08:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/01/09 12:08:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/09 12:07:58 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013/01/09 12:07:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013/01/09 12:07:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013/01/09 12:07:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013/01/09 12:07:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013/01/09 12:07:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013/01/09 12:07:46 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013/01/09 12:07:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013/01/09 12:07:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013/01/09 12:07:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013/01/09 12:07:46 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013/01/09 12:07:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013/01/09 12:07:46 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013/01/09 12:07:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013/01/09 12:07:46 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013/01/09 12:07:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013/01/09 12:07:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013/01/09 12:07:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013/01/09 12:07:46 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013/01/09 12:07:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013/01/09 12:07:46 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013/01/09 12:07:45 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013/01/09 12:07:45 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013/01/09 12:07:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013/01/09 12:07:45 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013/01/09 12:07:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013/01/09 12:07:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013/01/09 12:07:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013/01/09 12:07:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013/01/09 12:07:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013/01/09 12:07:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013/01/09 12:07:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013/01/09 12:07:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013/01/09 12:07:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/01/09 12:07:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/01/09 12:07:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/01/09 12:07:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/01/09 12:07:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/01/09 12:07:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/01/09 12:07:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/01/09 12:07:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/01/09 12:07:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/01/09 12:07:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/01/09 12:07:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/09 12:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/09 12:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/01/09 12:07:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/01/09 12:07:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/01/09 12:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/01/09 12:07:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/01/09 12:06:53 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2013/01/01 14:15:28 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\.minecraft
    [2012/12/31 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\My Cheat Tables
    [2012/12/28 18:00:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Programs
    [2012/12/25 21:29:02 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Album Covers
    [2012/12/25 20:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2012/12/25 20:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/25 20:06:36 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2012/12/25 20:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/12/25 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/12/25 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/12/21 03:00:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/21 03:00:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/21 03:00:36 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/21 03:00:35 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 21:35:25 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\NBOS
    [2012/12/16 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBOS RPG Software
    [2012/12/16 15:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nbos
    [2012/12/16 15:29:28 | 001,659,045 | ---- | C] (NBOS Software ) -- C:\Users\Simon\Desktop\CSDesigner101cInstall.exe
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/14 16:53:43 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/01/14 16:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
    [2013/01/14 16:52:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/14 16:52:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/14 16:44:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/14 16:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/14 16:42:46 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/14 16:34:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/14 16:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/13 10:00:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Simon\Desktop\dds.scr
    [2013/01/13 09:41:35 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/13 09:40:33 | 000,002,411 | ---- | M] () -- C:\Users\Simon\Documents\mcedit.ini
    [2013/01/12 21:07:32 | 000,001,060 | ---- | M] () -- C:\Users\Simon\Desktop\.minecraft - Shortcut.lnk
    [2013/01/12 20:45:08 | 000,001,053 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/12 20:44:45 | 000,001,021 | ---- | M] () -- C:\Users\Simon\Desktop\Dropbox.lnk
    [2013/01/12 20:41:05 | 000,002,241 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/12 09:58:58 | 000,002,086 | ---- | M] () -- C:\Users\Simon\.recently-used.xbel
    [2013/01/10 03:28:05 | 000,278,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/10 03:07:34 | 000,741,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/10 03:07:34 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/10 03:07:34 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/10 03:05:20 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2013/01/09 10:04:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/09 10:04:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/01 14:17:08 | 000,263,186 | ---- | M] () -- C:\Users\Simon\Desktop\Minecraft.exe
    [2012/12/31 17:54:27 | 000,983,143 | ---- | M] () -- C:\Users\Simon\Desktop\SinglePlayerCommands-MC1.4.6_V4.4(1).jar
    [2012/12/28 18:00:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/27 17:45:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSIMONBOT$.job
    [2012/12/25 20:06:54 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/25 20:03:18 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/12/20 20:20:55 | 000,172,360 | ---- | M] () -- C:\Users\Simon\Desktop\ancient-greece-map.jpg
    [2012/12/19 22:46:43 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSimon.job
    [2012/12/16 21:37:13 | 000,001,285 | ---- | M] () -- C:\Users\Simon\Desktop\CharacterSheet - Shortcut.lnk
    [2012/12/16 15:30:04 | 000,001,034 | ---- | M] () -- C:\Users\Simon\Desktop\NBOS Character Sheet Designer.lnk
    [2012/12/16 15:30:04 | 000,001,024 | ---- | M] () -- C:\Users\Simon\Desktop\NBOS Character Sheet Viewer.lnk
    [2012/12/16 15:29:32 | 001,659,045 | ---- | M] (NBOS Software ) -- C:\Users\Simon\Desktop\CSDesigner101cInstall.exe
    [2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/14 16:53:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/14 16:53:43 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/01/13 09:41:35 | 000,002,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/01/13 09:41:35 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/01/12 21:07:32 | 000,001,060 | ---- | C] () -- C:\Users\Simon\Desktop\.minecraft - Shortcut.lnk
    [2013/01/12 09:58:58 | 000,002,086 | ---- | C] () -- C:\Users\Simon\.recently-used.xbel
    [2013/01/01 14:17:08 | 000,263,186 | ---- | C] () -- C:\Users\Simon\Desktop\Minecraft.exe
    [2012/12/31 17:54:20 | 000,983,143 | ---- | C] () -- C:\Users\Simon\Desktop\SinglePlayerCommands-MC1.4.6_V4.4(1).jar
    [2012/12/25 20:06:53 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/25 20:03:17 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/12/20 20:20:51 | 000,172,360 | ---- | C] () -- C:\Users\Simon\Desktop\ancient-greece-map.jpg
    [2012/12/16 21:37:13 | 000,001,285 | ---- | C] () -- C:\Users\Simon\Desktop\CharacterSheet - Shortcut.lnk
    [2012/12/16 21:28:56 | 000,093,485 | ---- | C] () -- C:\Users\Simon\Desktop\PHB v35 charsheet.pdf
    [2012/12/16 15:30:04 | 000,001,024 | ---- | C] () -- C:\Users\Simon\Desktop\NBOS Character Sheet Viewer.lnk
    [2012/12/16 15:30:03 | 000,001,034 | ---- | C] () -- C:\Users\Simon\Desktop\NBOS Character Sheet Designer.lnk
    [2012/10/26 15:49:53 | 000,097,652 | ---- | C] () -- C:\ProgramData\fhkdwgcypxlorlp
    [2011/07/17 21:13:16 | 000,000,000 | ---- | C] () -- C:\Users\Simon\.gtk-bookmarks
    [2011/07/17 20:58:18 | 000,573,922 | ---- | C] () -- C:\Users\Simon\.fonts.cache-1
    [2011/06/25 07:49:44 | 000,001,854 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\GhostObjGAFix.xml
    [2011/06/22 20:18:36 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/11 17:58:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/05/06 07:39:00 | 000,018,726 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\ekiga.conf

    ========== ZeroAccess Check ==========

    [2011/11/17 00:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Simon\AppData\Local\{b0f5c81e-6634-2d76-9e8d-0407b3419dcd}\@
    [2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Simon\AppData\Local\{b0f5c81e-6634-2d76-9e8d-0407b3419dcd}\L
    [2012/07/28 21:54:47 | 000,000,000 | -HSD | M] -- C:\Users\Simon\AppData\Local\{b0f5c81e-6634-2d76-9e8d-0407b3419dcd}\U
    [2012/07/17 18:34:21 | 000,016,896 | ---- | M] () -- C:\Users\Simon\AppData\Local\{b0f5c81e-6634-2d76-9e8d-0407b3419dcd}\U\[email protected]
    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\$Recycle.Bin\S-1-5-21-2418360727-2180084498-202980910-1000\$b0f5c81e66342d769e8d0407b3419dcd\n.

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/01 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\.minecraft
    [2012/05/03 15:54:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Blender Foundation
    [2011/10/13 15:02:21 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Blio
    [2013/01/14 16:43:55 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
    [2011/10/24 16:18:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\FileZilla
    [2011/10/16 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\GetRightToGo
    [2011/06/05 17:20:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\go
    [2013/01/12 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\gtk-2.0
    [2012/12/16 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\NBOS
    [2011/04/28 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PictureMover
    [2011/10/25 18:09:16 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\pymclevel
    [2011/07/07 22:41:57 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Sammsoft
    [2012/12/28 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SoftGrid Client
    [2011/10/15 15:40:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SystemRequirementsLab
    [2011/06/22 20:19:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TP
    [2011/09/17 06:48:16 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Tzil,
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      IE - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
      FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke US New Customized Web Search"
      FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
      [2011/10/19 15:48:50 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\ex tensions\[email protected]
      [2011/07/07 22:36:57 | 000,000,000 | ---D | M] ("Search-Results Toolbar") -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\ex tensions\[email protected]
      [2011/07/07 22:33:57 | 000,002,264 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\se archplugins\bing-zugo.xml
      [2012/10/23 15:54:26 | 000,000,927 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\8evzm3xe.default\se archplugins\conduit.xml
      [2012/07/19 20:24:59 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
      O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
      O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
      O3 - HKU\S-1-5-21-2418360727-2180084498-202980910-1000\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results)
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      The file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

    askey127
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085008

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice