
Slow running laptop - Malware?

Discussion in 'Virus & Other Malware Removal' started by joob, Feb 9, 2013.

  1. joob

    Hi,

    My Compaq laptop is running very slowly and boot up takes forever. I'd be grateful if I could get some advice about what, if anything, I need to remove and change. I suspect there's some malware in there. Many thanks.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:24:01, on 09/02/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Jo Bowman\Desktop\Hijack this Prog and Logs\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Startup: Dropbox.lnk = Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 13873 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
    Run by Jo Bowman at 16:24:47 on 2013-02-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2812.733 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\14.0.1\ScriptHelper.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
    uRun: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\JOBOWM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\JOBOWM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\244584F6D65684572623D28553E493 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\2477962756C6563737 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}\7496E6475627E65647 : DHCPNameServer = 62.244.176.176 62.244.177.177
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mSearchAssistant = hxxp://www.google.com/ie
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [EPSON Stylus DX4800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SE262.tmp" /EF "HKLM"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B9543f3d1-3481-4c9b-a857-ba867fe342b6%7D&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-03-10%2000%3A02%3A18&sap=ku&q=
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
    FF - plugin: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Jo Bowman\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-11 09:35; [email protected]otcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF - ExtSQL: 2012-12-24 11:14; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 37720]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-7-25 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-22 945328]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-17 227896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-25 215040]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-25 36408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-23 517448]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-9-24 30192]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-7 19456]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-24 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-02-08 22:07:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
    2013-02-08 10:06:53 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
    2013-02-07 22:57:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2013-02-07 22:57:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2013-02-07 22:57:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2013-02-07 22:57:26 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-02-07 22:57:26 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-02-07 22:57:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-02-07 22:57:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-02-07 22:57:25 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-02-07 22:57:25 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-02-07 22:06:26 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
    2013-02-07 09:17:01 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
    2013-02-07 09:16:01 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
    2013-02-06 09:01:13 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
    2013-02-05 10:55:13 -------- d-----r- C:\Program Files (x86)\Skype
    2013-02-05 09:19:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
    2013-02-04 21:18:49 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
    2013-02-04 09:18:11 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
    2013-02-03 14:08:50 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
    2013-02-02 10:01:15 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
    2013-02-01 09:11:52 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
    2013-01-31 09:58:50 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
    2013-01-31 09:56:35 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
    2013-01-31 09:53:57 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
    2013-01-30 09:08:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
    2013-01-29 20:59:43 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
    2013-01-29 08:52:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
    2013-01-28 08:39:03 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
    2013-01-27 15:30:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
    2013-01-26 14:25:51 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
    2013-01-25 08:58:15 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
    2013-01-24 19:37:20 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
    2013-01-24 07:08:57 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
    2013-01-23 09:42:59 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
    2013-01-22 21:42:20 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
    2013-01-22 09:16:17 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
    2013-01-21 10:01:59 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
    2013-01-20 21:41:51 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
    2013-01-18 22:10:52 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
    2013-01-18 10:10:08 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
    2013-01-18 10:08:08 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
    2013-01-17 12:46:29 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
    2013-01-16 10:28:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
    2013-01-16 10:27:22 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
    2013-01-15 08:58:32 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}
    2013-01-14 06:43:25 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{9DE19235-275C-4263-A7D1-DC6728430288}
    2013-01-11 09:32:33 -------- d-----w- C:\Users\Jo Bowman\AppData\Local\{0D4AA8DE-5811-40C9-8F0D-FDD0F53E5443}
    .
    ==================== Find3M ====================
    .
    2013-02-08 10:35:18 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-08 10:35:18 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-22 09:17:52 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-10 03:28:34 127328 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 04:52:17 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-11-14 04:52:14 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 16:26:58.43 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23/09/2010 21:23:37
    System Uptime: 09/02/2013 15:51:02 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 363F
    Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 782/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 175.731 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.213 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.094 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP212: 04/01/2013 09:04:53 - HPSF Restore Point
    RP213: 04/01/2013 11:19:27 - HPSF Restore Point
    RP214: 10/01/2013 07:17:06 - Windows Update
    RP215: 07/02/2013 22:57:41 - Windows Update
    RP216: 07/02/2013 23:26:44 - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat XI Pro
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX 64-bit
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player
    AMD USB Filter Driver
    Apple Application Support
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    AVG 2012
    AVG Security Toolbar
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    EPSON Printer Software
    FileZilla Client 3.5.1
    Google Desktop
    Google Earth Plug-in
    Google Update Helper
    GoToMeeting 4.5.0.457
    Hewlett-Packard ACLM.NET v1.1.1.0
    HiJackThis
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    Hypercosm Player 3.42
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) 6 Update 38
    Java(TM) SE Development Kit 6 Update 15 (64-bit)
    Junk Mail filter update
    LabelPrint
    LEGO Digital Designer
    LightScribe System Software
    Magic Desktop
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    muvee Reveal
    NVIDIA PhysX
    O3D Extras
    O3D Plugin
    Power2Go
    PowerDirector
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Skype™ 6.1
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Unity Web Player (All users)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Veetle TV 0.9.17
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    WildTangent Web Driver
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/02/2013 08:22:40, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    09/02/2013 08:22:30, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    06/02/2013 13:47:35, Error: atikmdag [52250] - CPLIB :: OPM - Failed the HFS
    06/02/2013 11:43:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    .
    ==== End Of File ===========================

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-02-09 16:30:44
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1 298.09GB
    Running: eemjm5xi.exe; Driver: C:\Users\JOBOWM~1\AppData\Local\Temp\kglcrkog.sys

    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 unknown MBR code
    ---- Threads - GMER 2.0 ----
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:6124] 000007fefb792a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:5124] 000007feea0fd618
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2212:3236] 000007fef9215124
    ---- EOF - GMER 2.0 ----
     
  2. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    Could anyone help with this problem? Many thanks.
     
  3. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello joob, and Welcome to the forum!

    My name is wannabeageek and I'll be helping you with any malware problems.
    I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
    Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights, permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so!
    4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

      Absence of symptoms does not mean that everything is clear.


    I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

    Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

    Please read all instructions carefully before executing and perform the steps, in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

    Because of this, I advise you to back up any personal files and folders before you start.
     
  4. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello joob,


    Step 1.
    FRST in Recovery Environment
    Please download FRST64.exe ... by Farbar. Save it to a FLASH drive.


    1. Plug the flash drive into the infected PC.
    2. Enter System Recovery Options.
      • To enter System Recovery Options from the Boot Menu ....
        • Restart the computer.
        • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
        • Use the arrow keys to select Repair your computer.
        • Select the operating system you want to repair, and then click Next.
        • Select your user account and click Next.
      • To enter System Recovery Options by using Windows installation disk ....
        • Insert the installation disk.
        • Restart your computer.
        • If prompted, press any key to start Windows from the installation disc.
        • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
        • Choose your language settings, and then click Next.
        • Click Repair your computer.
        • Select the operating system you want to repair, and then click Next.
        • Select your user account and click Next.
    3. In the System Recovery Options Menu you will see the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
        Scan your computer's memory for errors.
      • Command Prompt

      • Select Command Prompt
        • In the command window type in notepad and press Enter.
        • Notepad will open.
        • Under File menu select Open.
        • Select "Computer" and find your flash drive letter.
        • Close Notepad.
      • In the command window type E:\frst.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
    4. The tool will start to run.
    5. When the tool opens click Yes to disclaimer.
    6. Press Scan button.
    7. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    Hi. Here's the scan as requested. Many thanks.



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013
    Ran by SYSTEM at 14-02-2013 14:31:05
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-10-08] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [EPSON Stylus DX4800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_SE262.tmp" /EF "HKLM" [66 2010-12-13] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-23] (Google)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1124016 2013-02-10] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKU\HomeGroupUser$\...\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB [1177168 2013-01-22] ()
    HKU\HomeGroupUser$\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]
    HKU\Jo Bowman\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
    HKU\Jo Bowman\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
    HKU\Jo Bowman\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2988784 2011-01-13] (SUPERAntiSpyware.com)
    HKU\Jo Bowman\...\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" [x]
    HKU\Jo Bowman\...\Run: [Google Update] "C:\Users\Jo Bowman\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2011-04-13] (Google Inc.)
    HKU\Jo Bowman\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
    HKU\Jo Bowman\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Jo Bowman\...\Policies\system: [DisableChangePassword] 0
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\Jo Bowman\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Jo Bowman\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [517448 2010-10-06] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5174392 2012-11-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    3 GoogleDesktopManager-051210-111108; "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-23] (Google)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    2 vToolbarUpdater14.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe [965296 2013-02-10] ()

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-09] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [307040 2012-11-07] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-10] (AVG Technologies)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    4 eabfiltr; [x]
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-02-14 14:30 - 2013-02-14 14:30 - 00000000 ____D C:\FRST
    2013-02-14 14:17 - 2013-02-14 14:17 - 00000000 ____D C:\Users\All Users\Recovery
    2013-02-14 02:08 - 2013-02-14 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
    2013-02-13 14:07 - 2013-02-13 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
    2013-02-13 02:06 - 2013-02-13 02:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
    2013-02-12 14:06 - 2013-02-12 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
    2013-02-12 01:32 - 2013-02-12 01:32 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
    2013-02-11 01:04 - 2013-02-11 01:05 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
    2013-02-10 11:59 - 2013-02-10 11:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
    2013-02-08 14:07 - 2013-02-08 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
    2013-02-08 02:06 - 2013-02-08 02:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
    2013-02-07 14:58 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2013-02-07 14:58 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2013-02-07 14:58 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2013-02-07 14:58 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2013-02-07 14:58 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2013-02-07 14:58 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-02-07 14:58 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-02-07 14:58 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2013-02-07 14:58 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2013-02-07 14:58 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2013-02-07 14:58 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2013-02-07 14:58 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-02-07 14:58 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2013-02-07 14:58 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2013-02-07 14:58 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2013-02-07 14:58 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2013-02-07 14:58 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2013-02-07 14:58 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2013-02-07 14:58 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2013-02-07 14:58 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2013-02-07 14:58 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2013-02-07 14:58 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2013-02-07 14:58 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2013-02-07 14:58 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2013-02-07 14:57 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-02-07 14:57 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-02-07 14:57 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-02-07 14:57 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2013-02-07 14:57 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-02-07 14:57 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-02-07 14:57 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-02-07 14:57 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2013-02-07 14:57 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
    2013-02-07 01:17 - 2013-02-07 01:17 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
    2013-02-07 01:16 - 2013-02-07 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
    2013-02-06 01:42 - 2013-02-06 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-02-06 01:01 - 2013-02-06 01:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
    2013-02-05 02:55 - 2013-02-05 02:55 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-02-05 01:19 - 2013-02-05 01:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
    2013-02-04 13:18 - 2013-02-04 13:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
    2013-02-04 01:18 - 2013-02-04 01:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
    2013-02-03 07:16 - 2013-02-05 00:55 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForJo Bowman.job
    2013-02-03 06:08 - 2013-02-03 06:09 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
    2013-02-02 02:01 - 2013-02-02 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
    2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2013-02-01 01:11 - 2013-02-01 01:12 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
    2013-01-31 01:58 - 2013-01-31 01:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
    2013-01-31 01:56 - 2013-01-31 01:56 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
    2013-01-31 01:53 - 2013-01-31 01:53 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
    2013-01-30 01:08 - 2013-01-30 01:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
    2013-01-29 12:59 - 2013-01-29 13:00 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
    2013-01-29 00:52 - 2013-01-29 00:52 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
    2013-01-28 00:39 - 2013-01-28 00:39 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
    2013-01-27 07:30 - 2013-01-27 07:30 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
    2013-01-26 06:25 - 2013-01-26 06:26 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
    2013-01-25 00:58 - 2013-01-25 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
    2013-01-24 11:37 - 2013-01-24 11:37 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
    2013-01-23 23:08 - 2013-01-23 23:09 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
    2013-01-23 01:42 - 2013-01-23 01:43 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
    2013-01-22 13:42 - 2013-01-22 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
    2013-01-22 01:19 - 2013-02-11 01:02 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2013-01-22 01:16 - 2013-01-22 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
    2013-01-21 02:01 - 2013-01-21 02:02 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
    2013-01-20 13:41 - 2013-01-20 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
    2013-01-18 14:10 - 2013-01-18 14:11 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
    2013-01-18 02:10 - 2013-01-18 02:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
    2013-01-18 02:08 - 2013-01-18 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
    2013-01-17 04:46 - 2013-01-17 04:46 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
    2013-01-16 02:28 - 2013-01-16 02:28 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
    2013-01-16 02:27 - 2013-01-16 02:27 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
    2013-01-15 00:58 - 2013-01-15 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}

    ==================== One Month Modified Files and Folders =======

    2013-02-14 14:30 - 2013-02-14 14:30 - 00000000 ____D C:\FRST
    2013-02-14 14:17 - 2013-02-14 14:17 - 00000000 ____D C:\Users\All Users\Recovery
    2013-02-14 06:14 - 2010-07-25 01:34 - 01706457 ____A C:\Windows\WindowsUpdate.log
    2013-02-14 06:12 - 2010-09-23 14:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Roaming\Skype
    2013-02-14 05:33 - 2011-04-13 21:32 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
    2013-02-14 05:32 - 2012-04-28 05:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-02-14 05:21 - 2011-12-24 10:33 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-02-14 04:31 - 2009-07-13 20:51 - 00349536 ____A C:\Windows\setupact.log
    2013-02-14 03:42 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-02-14 02:08 - 2013-02-14 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
    2013-02-14 01:33 - 2011-04-13 21:32 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
    2013-02-14 01:15 - 2010-10-23 14:02 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-02-13 14:07 - 2013-02-13 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
    2013-02-13 06:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-02-13 06:21 - 2011-12-24 10:33 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-02-13 02:07 - 2013-02-13 02:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
    2013-02-12 14:06 - 2013-02-12 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
    2013-02-12 01:32 - 2013-02-12 01:32 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
    2013-02-11 05:54 - 2010-09-23 13:29 - 00115464 ____A C:\Users\Jo Bowman\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-02-11 04:08 - 2009-12-17 03:20 - 00000000 ____D C:\Users\All Users\Adobe
    2013-02-11 04:08 - 2009-12-17 03:20 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-02-11 01:11 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-02-11 01:11 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-02-11 01:05 - 2013-02-11 01:04 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
    2013-02-11 01:03 - 2012-03-29 00:29 - 00000000 ____D C:\Users\Jo Bowman\AppData\Roaming\Dropbox
    2013-02-11 01:02 - 2013-01-22 01:19 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2013-02-11 01:02 - 2012-03-29 00:38 - 00000000 ___RD C:\Users\Jo Bowman\Dropbox
    2013-02-11 01:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-02-10 11:59 - 2013-02-10 11:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
    2013-02-10 11:53 - 2012-09-04 05:42 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-02-10 11:53 - 2012-03-09 16:02 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2013-02-08 14:07 - 2013-02-08 14:07 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
    2013-02-08 12:36 - 2010-09-23 12:26 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\VirtualStore
    2013-02-08 05:27 - 2010-10-11 11:48 - 00000000 ____D C:\Users\Jo Bowman\Documents\Youcam
    2013-02-08 02:35 - 2012-04-28 05:24 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-02-08 02:35 - 2011-07-12 21:25 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-02-08 02:07 - 2013-02-08 02:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
    2013-02-07 15:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-02-07 14:50 - 2012-03-29 00:38 - 00001032 ____A C:\Users\Jo Bowman\Desktop\Dropbox.lnk
    2013-02-07 14:43 - 2012-05-02 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-02-07 14:06 - 2013-02-07 14:06 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
    2013-02-07 04:45 - 2012-12-11 00:43 - 00000000 ____D C:\Users\Jo Bowman\Desktop\Adobe Acrobat XI Pro
    2013-02-07 01:17 - 2013-02-07 01:17 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
    2013-02-07 01:16 - 2013-02-07 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
    2013-02-06 01:43 - 2013-02-06 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-02-06 01:01 - 2013-02-06 01:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
    2013-02-05 02:55 - 2013-02-05 02:55 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-02-05 02:55 - 2010-09-23 14:08 - 00000000 ____D C:\Users\All Users\Skype
    2013-02-05 01:19 - 2013-02-05 01:19 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
    2013-02-05 00:55 - 2013-02-03 07:16 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForJo Bowman.job
    2013-02-05 00:54 - 2010-07-25 01:36 - 00310114 ____A C:\Windows\PFRO.log
    2013-02-04 13:19 - 2013-02-04 13:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
    2013-02-04 01:18 - 2013-02-04 01:18 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
    2013-02-03 06:09 - 2013-02-03 06:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
    2013-02-02 02:01 - 2013-02-02 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
    2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-02-01 02:04 - 2013-02-01 02:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2013-02-01 02:04 - 2010-10-23 13:47 - 00000000 ____D C:\Users\All Users\MFAData
    2013-02-01 01:12 - 2013-02-01 01:11 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
    2013-01-31 01:59 - 2013-01-31 01:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
    2013-01-31 01:56 - 2013-01-31 01:56 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
    2013-01-31 01:53 - 2013-01-31 01:53 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
    2013-01-30 01:08 - 2013-01-30 01:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
    2013-01-29 13:00 - 2013-01-29 12:59 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
    2013-01-29 00:52 - 2013-01-29 00:52 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
    2013-01-28 00:39 - 2013-01-28 00:39 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
    2013-01-27 07:30 - 2013-01-27 07:30 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
    2013-01-26 06:26 - 2013-01-26 06:25 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
    2013-01-25 00:58 - 2013-01-25 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
    2013-01-24 11:37 - 2013-01-24 11:37 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
    2013-01-23 23:09 - 2013-01-23 23:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{7F4439EC-5762-4189-A273-732F824B76C9}
    2013-01-23 01:43 - 2013-01-23 01:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{16C9BE0B-4CA7-4262-9F75-5FF453B50F2B}
    2013-01-22 13:42 - 2013-01-22 13:42 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{76D08A1C-A21F-448E-80B4-0807831CAB03}
    2013-01-22 01:16 - 2013-01-22 01:16 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{0BACC121-9AFE-4F27-A1D9-94A795334DED}
    2013-01-21 02:02 - 2013-01-21 02:01 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{9609D731-F245-4E04-9330-9CC1C203FB29}
    2013-01-20 13:42 - 2013-01-20 13:41 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{CB0B5EA6-28B0-4F33-B778-2F6C4C2BEC25}
    2013-01-18 14:11 - 2013-01-18 14:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{898890BE-55F3-4C44-A613-CA9DF5A52171}
    2013-01-18 02:10 - 2013-01-18 02:10 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{AA11082B-366F-4ABD-8E61-E7F628835EAC}
    2013-01-18 02:08 - 2013-01-18 02:08 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{D97836E3-B458-4569-A3CC-88FA8814E76D}
    2013-01-17 04:46 - 2013-01-17 04:46 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{740845D1-5A0A-49E8-89AF-47E20086F2B2}
    2013-01-16 02:28 - 2013-01-16 02:28 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{3AA9FC0E-A20B-4755-AE56-C8A33773AACF}
    2013-01-16 02:27 - 2013-01-16 02:27 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{FFD636CE-BA9B-44B5-9EAA-ED50792D2F75}
    2013-01-15 00:58 - 2013-01-15 00:58 - 00000000 ____D C:\Users\Jo Bowman\AppData\Local\{B2FC1960-87D7-4164-ABFB-1EF77A461851}


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-02-07 14:58:10
    Restore point made on: 2013-02-07 15:26:59
    Restore point made on: 2013-02-11 03:59:47

    ==================== Memory info ===========================

    Percentage of memory in use: 22%
    Total physical RAM: 2812.2 MB
    Available physical RAM: 2170.18 MB
    Total Pagefile: 2810.35 MB
    Available Pagefile: 2166.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:284.48 GB) (Free:179.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.31 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: (KINGSTON) (Removable) (Total:3.75 GB) (Free:3.22 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 3852 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 7661831D

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 284 GB 200 MB
    Partition 3 Primary 13 GB 284 GB
    Partition 4 Primary 103 MB 297 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 284 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 04030201

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3851 MB 4096 B

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H KINGSTON FAT32 Removable 3851 MB Healthy

    =========================================================

    Last Boot: 2013-02-13 06:13

    ==================== End Of Log =============================
     
  6. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello joob,

    Please run the following and post the results. Depending upon the length of the logs, you may have to make 2 posts.



    Step 1.
    TDSSKiller

    Please download TDSSKiller.exe and save it to your Desktop.

    1. Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click on Start Scan, the scan will run.
    3. When the scan has finished, if it finds anything, please click on the drop down arrow next to Cure and select Skip.
    4. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    5. To find the log go to Start > Computer > C:
    6. A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
    7. Post the contents of that log in your next reply please.
    8. DO NOT TRY TO FIX ANYTHING AT THIS POINT




    Step 2.
    OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.

    1. Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




    Please include in your next reply:

    1. Contents of TDSSKiller.2.4.0.0 24.07.2010 log
    2. Contents of OTL.txt
    3. Contents of Extras.txt
    4. Any problem executing the instructions?

    Thanks,
    wbg
     
  7. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi joob.

    It has been three days since my last post.


    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • These topics will self-close after 45 days without a response.
    • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
    • If you post back after 5 days but before 45 days, PM me and wait for a response.
    • If you still need help after 45 days, post a new log on a new thread.
     
  8. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    18:50:14.0349 2480 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    18:50:14.0910 2480 ============================================================
    18:50:14.0910 2480 Current date / time: 2013/02/23 18:50:14.0910
    18:50:14.0910 2480 SystemInfo:
    18:50:14.0910 2480
    18:50:14.0910 2480 OS Version: 6.1.7601 ServicePack: 1.0
    18:50:14.0910 2480 Product type: Workstation
    18:50:14.0910 2480 ComputerName: JOBOWMAN-PC
    18:50:14.0910 2480 UserName: Jo Bowman
    18:50:14.0910 2480 Windows directory: C:\Windows
    18:50:14.0910 2480 System windows directory: C:\Windows
    18:50:14.0910 2480 Running under WOW64
    18:50:14.0910 2480 Processor architecture: Intel x64
    18:50:14.0910 2480 Number of processors: 2
    18:50:14.0910 2480 Page size: 0x1000
    18:50:14.0910 2480 Boot type: Normal boot
    18:50:14.0910 2480 ============================================================
    18:50:18.0436 2480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:50:18.0451 2480 ============================================================
    18:50:18.0451 2480 \Device\Harddisk0\DR0:
    18:50:18.0451 2480 MBR partitions:
    18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x238F6800
    18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2395A800, BlocksNum 0x1AA0000
    18:50:18.0451 2480 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    18:50:18.0451 2480 ============================================================
    18:50:18.0529 2480 C: <-> \Device\Harddisk0\DR0\Partition2
    18:50:18.0576 2480 D: <-> \Device\Harddisk0\DR0\Partition3
    18:50:18.0592 2480 E: <-> \Device\Harddisk0\DR0\Partition4
    18:50:18.0670 2480 ============================================================
    18:50:18.0670 2480 Initialize success
    18:50:18.0670 2480 ============================================================
    18:50:39.0309 4556 ============================================================
    18:50:39.0309 4556 Scan started
    18:50:39.0309 4556 Mode: Manual;
    18:50:39.0309 4556 ============================================================
    18:50:42.0710 4556 ================ Scan system memory ========================
    18:50:42.0710 4556 System memory - ok
    18:50:42.0710 4556 ================ Scan services =============================
    18:51:03.0910 4556 MSKSSRV - ok
    18:51:03.0941 4556 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:51:03.0941 4556 MSPCLOCK - ok
    18:51:03.0957 4556 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:51:03.0957 4556 MSPQM - ok
    18:51:04.0019 4556 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:51:04.0050 4556 MsRPC - ok
    18:51:04.0066 4556 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:51:04.0082 4556 mssmbios - ok
    18:51:04.0097 4556 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:51:04.0097 4556 MSTEE - ok
    18:51:04.0113 4556 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:51:04.0128 4556 MTConfig - ok
    18:51:04.0160 4556 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:51:04.0175 4556 Mup - ok
    18:51:04.0222 4556 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    18:51:04.0238 4556 napagent - ok
    18:51:04.0284 4556 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:51:04.0300 4556 NativeWifiP - ok
    18:51:04.0362 4556 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:51:04.0425 4556 NDIS - ok
    18:51:04.0456 4556 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:51:04.0472 4556 NdisCap - ok
    18:51:04.0487 4556 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:51:04.0487 4556 NdisTapi - ok
    18:51:04.0550 4556 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:51:04.0565 4556 Ndisuio - ok
    18:51:04.0612 4556 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:51:04.0612 4556 NdisWan - ok
    18:51:04.0659 4556 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:51:04.0659 4556 NDProxy - ok
    18:51:04.0721 4556 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:51:04.0752 4556 NetBIOS - ok
    18:51:04.0799 4556 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:51:04.0846 4556 NetBT - ok
    18:51:04.0862 4556 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:51:04.0877 4556 Netlogon - ok
    18:51:04.0940 4556 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:51:04.0955 4556 Netman - ok
    18:51:05.0002 4556 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:51:05.0018 4556 netprofm - ok
    18:51:05.0064 4556 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:51:05.0096 4556 NetTcpPortSharing - ok
    18:51:05.0548 4556 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    18:51:05.0704 4556 netw5v64 - ok
    18:51:05.0735 4556 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:51:05.0751 4556 nfrd960 - ok
    18:51:05.0938 4556 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:51:06.0188 4556 NlaSvc - ok
    18:51:06.0250 4556 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:51:06.0266 4556 Npfs - ok
    18:51:06.0344 4556 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:51:06.0453 4556 nsi - ok
    18:51:06.0484 4556 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:51:06.0718 4556 nsiproxy - ok
    18:51:07.0186 4556 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:51:07.0295 4556 Ntfs - ok
    18:51:07.0389 4556 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:51:07.0467 4556 Null - ok
    18:51:07.0638 4556 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:51:07.0654 4556 nvraid - ok
    18:51:07.0748 4556 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:51:07.0748 4556 nvstor - ok
    18:51:07.0794 4556 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:51:07.0810 4556 nv_agp - ok
    18:51:07.0857 4556 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:51:07.0857 4556 ohci1394 - ok
    18:51:07.0950 4556 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:51:07.0982 4556 ose - ok
    18:51:08.0606 4556 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:51:08.0762 4556 osppsvc - ok
    18:51:08.0824 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:51:08.0871 4556 p2pimsvc - ok
    18:51:08.0902 4556 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:51:08.0918 4556 p2psvc - ok
    18:51:08.0964 4556 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:51:08.0964 4556 Parport - ok
    18:51:09.0011 4556 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:51:09.0027 4556 partmgr - ok
    18:51:09.0058 4556 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:51:09.0074 4556 PcaSvc - ok
    18:51:09.0120 4556 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:51:09.0120 4556 pci - ok
    18:51:09.0136 4556 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:51:09.0152 4556 pciide - ok
    18:51:09.0183 4556 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:51:09.0198 4556 pcmcia - ok
    18:51:09.0245 4556 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:51:09.0261 4556 pcw - ok
    18:51:09.0308 4556 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:51:09.0323 4556 PEAUTH - ok
    18:51:09.0417 4556 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:51:09.0417 4556 PerfHost - ok
    18:51:09.0526 4556 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:51:09.0557 4556 pla - ok
    18:51:09.0620 4556 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:51:09.0666 4556 PlugPlay - ok
    18:51:09.0698 4556 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:51:09.0698 4556 PNRPAutoReg - ok
    18:51:09.0729 4556 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:51:09.0744 4556 PNRPsvc - ok
    18:51:09.0776 4556 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:51:09.0807 4556 PolicyAgent - ok
    18:51:09.0854 4556 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:51:09.0869 4556 Power - ok
    18:51:09.0900 4556 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:51:09.0900 4556 PptpMiniport - ok
    18:51:09.0978 4556 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:51:09.0994 4556 Processor - ok
    18:51:10.0103 4556 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:51:10.0181 4556 ProfSvc - ok
    18:51:10.0197 4556 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:51:10.0212 4556 ProtectedStorage - ok
    18:51:10.0337 4556 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:51:10.0384 4556 Psched - ok
    18:51:10.0540 4556 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:51:10.0649 4556 ql2300 - ok
    18:51:10.0696 4556 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:51:10.0743 4556 ql40xx - ok
    18:51:10.0790 4556 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:51:10.0821 4556 QWAVE - ok
    18:51:10.0852 4556 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:51:10.0868 4556 QWAVEdrv - ok
    18:51:10.0899 4556 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:51:10.0914 4556 RasAcd - ok
    18:51:10.0946 4556 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:51:10.0946 4556 RasAgileVpn - ok
    18:51:10.0961 4556 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:51:11.0008 4556 RasAuto - ok
    18:51:11.0055 4556 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:51:11.0070 4556 Rasl2tp - ok
    18:51:11.0164 4556 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:51:11.0180 4556 RasMan - ok
    18:51:11.0211 4556 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:51:11.0226 4556 RasPppoe - ok
    18:51:11.0273 4556 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:51:11.0289 4556 RasSstp - ok
    18:51:11.0351 4556 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:51:11.0382 4556 rdbss - ok
    18:51:11.0414 4556 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:51:11.0523 4556 rdpbus - ok
    18:51:11.0554 4556 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:51:11.0570 4556 RDPCDD - ok
    18:51:11.0648 4556 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:51:11.0648 4556 RDPENCDD - ok
    18:51:11.0679 4556 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:51:11.0710 4556 RDPREFMP - ok
    18:51:11.0819 4556 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    18:51:11.0897 4556 RdpVideoMiniport - ok
    18:51:11.0991 4556 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:51:12.0084 4556 RDPWD - ok
    18:51:12.0147 4556 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:51:12.0147 4556 rdyboost - ok
    18:51:12.0178 4556 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:51:12.0178 4556 RemoteAccess - ok
    18:51:12.0240 4556 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:51:12.0240 4556 RemoteRegistry - ok
    18:51:12.0287 4556 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    18:51:12.0287 4556 RichVideo - ok
    18:51:12.0318 4556 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:51:12.0318 4556 RpcEptMapper - ok
    18:51:12.0350 4556 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    18:51:12.0365 4556 RpcLocator - ok
    18:51:12.0412 4556 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    18:51:12.0428 4556 RpcSs - ok
    18:51:12.0474 4556 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:51:12.0474 4556 rspndr - ok
    18:51:12.0490 4556 RSUSBSTOR - ok
    18:51:12.0521 4556 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:51:12.0599 4556 RTL8167 - ok
    18:51:12.0646 4556 RtsUIR - ok
    18:51:12.0662 4556 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    18:51:12.0662 4556 SamSs - ok
    18:51:12.0708 4556 [ 99DF79C258B3342B6C8A5F802998DE56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    18:51:12.0724 4556 SASDIFSV - ok
    18:51:12.0802 4556 [ 2859C35C0651E8EB0D86D48E740388F2 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    18:51:12.0833 4556 SASKUTIL - ok
    18:51:12.0880 4556 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:51:12.0896 4556 sbp2port - ok
    18:51:12.0958 4556 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:51:12.0958 4556 SCardSvr - ok
    18:51:13.0005 4556 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:51:13.0005 4556 scfilter - ok
    18:51:13.0098 4556 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    18:51:13.0161 4556 Schedule - ok
    18:51:13.0223 4556 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:51:13.0223 4556 SCPolicySvc - ok
    18:51:13.0270 4556 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    18:51:13.0286 4556 sdbus - ok
    18:51:13.0348 4556 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:51:13.0364 4556 SDRSVC - ok
    18:51:13.0410 4556 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    18:51:13.0410 4556 SeaPort - ok
    18:51:13.0457 4556 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:51:13.0457 4556 secdrv - ok
    18:51:13.0504 4556 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    18:51:13.0520 4556 seclogon - ok
    18:51:13.0566 4556 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    18:51:13.0566 4556 SENS - ok
    18:51:13.0582 4556 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:51:13.0629 4556 SensrSvc - ok
    18:51:13.0660 4556 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:51:13.0660 4556 Serenum - ok
    18:51:13.0691 4556 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:51:13.0722 4556 Serial - ok
    18:51:13.0894 4556 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:51:13.0910 4556 sermouse - ok
    18:51:13.0972 4556 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:51:13.0988 4556 SessionEnv - ok
    18:51:14.0019 4556 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:51:14.0019 4556 sffdisk - ok
    18:51:14.0112 4556 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:51:14.0112 4556 sffp_mmc - ok
    18:51:14.0268 4556 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:51:14.0284 4556 sffp_sd - ok
    18:51:14.0315 4556 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:51:14.0331 4556 sfloppy - ok
    18:51:14.0378 4556 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:51:14.0424 4556 SharedAccess - ok
    18:51:14.0471 4556 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:51:14.0502 4556 ShellHWDetection - ok
    18:51:14.0518 4556 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:51:14.0534 4556 SiSRaid2 - ok
    18:51:14.0580 4556 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:51:14.0580 4556 SiSRaid4 - ok
    18:51:14.0830 4556 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    18:51:14.0877 4556 SkypeUpdate - ok
    18:51:14.0908 4556 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:51:14.0924 4556 Smb - ok
    18:51:15.0002 4556 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:51:15.0017 4556 SNMPTRAP - ok
    18:51:15.0064 4556 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:51:15.0064 4556 spldr - ok
    18:51:15.0158 4556 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    18:51:15.0282 4556 Spooler - ok
    18:51:15.0454 4556 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    18:51:15.0579 4556 sppsvc - ok
    18:51:15.0626 4556 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:51:15.0641 4556 sppuinotify - ok
    18:51:15.0704 4556 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:51:15.0782 4556 srv - ok
    18:51:15.0844 4556 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:51:15.0860 4556 srv2 - ok
    18:51:16.0016 4556 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    18:51:16.0109 4556 SrvHsfHDA - ok
    18:51:16.0328 4556 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    18:51:16.0390 4556 SrvHsfV92 - ok
    18:51:16.0546 4556 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    18:51:16.0702 4556 SrvHsfWinac - ok
    18:51:16.0811 4556 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    18:51:16.0920 4556 srvnet - ok
    18:51:16.0983 4556 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    18:51:17.0014 4556 SSDPSRV - ok
    18:51:17.0045 4556 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    18:51:17.0061 4556 SstpSvc - ok
    18:51:17.0295 4556 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    18:51:17.0295 4556 STacSV - ok
    18:51:17.0326 4556 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    18:51:17.0326 4556 stexstor - ok
    18:51:17.0388 4556 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    18:51:17.0435 4556 STHDA - ok
    18:51:17.0513 4556 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    18:51:17.0544 4556 stisvc - ok
    18:51:17.0591 4556 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    18:51:17.0591 4556 swenum - ok
    18:51:17.0622 4556 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    18:51:17.0654 4556 swprv - ok
    18:51:17.0685 4556 [ 924D711941956F7420A4925592BE8253 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    18:51:17.0685 4556 SynTP - ok
    18:51:17.0778 4556 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    18:51:17.0841 4556 SysMain - ok
    18:51:17.0872 4556 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:51:17.0872 4556 TabletInputService - ok
    18:51:17.0903 4556 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:51:17.0950 4556 TapiSrv - ok
    18:51:17.0966 4556 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    18:51:17.0981 4556 TBS - ok
    18:51:18.0075 4556 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:51:18.0168 4556 Tcpip - ok
    18:51:18.0278 4556 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:51:18.0309 4556 TCPIP6 - ok
    18:51:18.0356 4556 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:51:18.0434 4556 tcpipreg - ok
    18:51:18.0465 4556 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:51:18.0480 4556 TDPIPE - ok
    18:51:18.0512 4556 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:51:18.0558 4556 TDTCP - ok
    18:51:18.0605 4556 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:51:18.0621 4556 tdx - ok
    18:51:18.0668 4556 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    18:51:18.0668 4556 TermDD - ok
    18:51:18.0714 4556 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    18:51:18.0746 4556 TermService - ok
    18:51:18.0777 4556 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    18:51:18.0777 4556 Themes - ok
    18:51:18.0808 4556 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    18:51:18.0808 4556 THREADORDER - ok
    18:51:18.0824 4556 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    18:51:18.0870 4556 TrkWks - ok
    18:51:18.0933 4556 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:51:18.0948 4556 TrustedInstaller - ok
    18:51:19.0011 4556 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:51:19.0026 4556 tssecsrv - ok
    18:51:19.0073 4556 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:51:19.0104 4556 TsUsbFlt - ok
    18:51:19.0120 4556 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:51:19.0136 4556 tunnel - ok
    18:51:19.0167 4556 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    18:51:19.0182 4556 uagp35 - ok
    18:51:19.0229 4556 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:51:19.0260 4556 udfs - ok
    18:51:19.0292 4556 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:51:19.0307 4556 UI0Detect - ok
    18:51:19.0338 4556 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:51:19.0354 4556 uliagpkx - ok
    18:51:19.0416 4556 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    18:51:19.0432 4556 umbus - ok
    18:51:19.0479 4556 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    18:51:19.0494 4556 UmPass - ok
    18:51:19.0604 4556 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    18:51:19.0619 4556 upnphost - ok
    18:51:19.0682 4556 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    18:51:19.0682 4556 usbaudio - ok
    18:51:19.0728 4556 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:51:19.0760 4556 usbccgp - ok
    18:51:19.0775 4556 USBCCID - ok
    18:51:19.0838 4556 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:51:20.0025 4556 usbcir - ok
    18:51:20.0056 4556 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    18:51:20.0087 4556 usbehci - ok
    18:51:20.0134 4556 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    18:51:20.0150 4556 usbfilter - ok
    18:51:20.0228 4556 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:51:20.0306 4556 usbhub - ok
    18:51:20.0321 4556 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    18:51:20.0337 4556 usbohci - ok
    18:51:20.0368 4556 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:51:20.0384 4556 usbprint - ok
    18:51:20.0446 4556 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    18:51:20.0446 4556 usbscan - ok
    18:51:20.0477 4556 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:51:20.0555 4556 USBSTOR - ok
    18:51:20.0602 4556 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:51:20.0618 4556 usbuhci - ok
    18:51:20.0758 4556 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    18:51:20.0758 4556 usbvideo - ok
    18:51:20.0805 4556 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    18:51:20.0820 4556 UxSms - ok
    18:51:20.0836 4556 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    18:51:20.0852 4556 VaultSvc - ok
    18:51:20.0883 4556 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:51:20.0883 4556 vdrvroot - ok
    18:51:21.0148 4556 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    18:51:21.0179 4556 vds - ok
    18:51:21.0226 4556 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:51:21.0242 4556 vga - ok
    18:51:21.0273 4556 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:51:21.0273 4556 VgaSave - ok
    18:51:21.0398 4556 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:51:21.0444 4556 vhdmp - ok
    18:51:21.0476 4556 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    18:51:21.0491 4556 viaide - ok
    18:51:21.0522 4556 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:51:21.0538 4556 volmgr - ok
    18:51:21.0616 4556 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:51:21.0632 4556 volmgrx - ok
    18:51:21.0678 4556 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:51:21.0756 4556 volsnap - ok
    18:51:21.0803 4556 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    18:51:21.0881 4556 vsmraid - ok
    18:51:22.0068 4556 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    18:51:22.0131 4556 VSS - ok
    18:51:22.0256 4556 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    18:51:22.0287 4556 vToolbarUpdater14.2.0 - ok
    18:51:22.0318 4556 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    18:51:22.0334 4556 vwifibus - ok
    18:51:22.0349 4556 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    18:51:22.0349 4556 vwififlt - ok
    18:51:22.0396 4556 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    18:51:22.0427 4556 W32Time - ok
    18:51:22.0443 4556 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    18:51:22.0505 4556 WacomPen - ok
    18:51:22.0568 4556 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:51:22.0583 4556 WANARP - ok
    18:51:22.0583 4556 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:51:22.0599 4556 Wanarpv6 - ok
    18:51:22.0677 4556 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:51:22.0755 4556 WatAdminSvc - ok
    18:51:22.0848 4556 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    18:51:22.0958 4556 wbengine - ok
    18:51:22.0973 4556 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:51:22.0989 4556 WbioSrvc - ok
    18:51:23.0051 4556 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:51:23.0082 4556 wcncsvc - ok
    18:51:23.0098 4556 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:51:23.0114 4556 WcsPlugInService - ok
    18:51:23.0145 4556 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    18:51:23.0160 4556 Wd - ok
    18:51:23.0207 4556 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:51:23.0270 4556 Wdf01000 - ok
    18:51:23.0285 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:51:23.0301 4556 WdiServiceHost - ok
    18:51:23.0301 4556 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:51:23.0316 4556 WdiSystemHost - ok
    18:51:23.0379 4556 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    18:51:23.0394 4556 WebClient - ok
    18:51:23.0426 4556 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:51:23.0441 4556 Wecsvc - ok
    18:51:23.0457 4556 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:51:23.0472 4556 wercplsupport - ok
    18:51:23.0488 4556 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:51:23.0504 4556 WerSvc - ok
    18:51:23.0535 4556 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:51:23.0535 4556 WfpLwf - ok
    18:51:23.0582 4556 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:51:23.0582 4556 WIMMount - ok
    18:51:23.0613 4556 WinDefend - ok
    18:51:23.0628 4556 WinHttpAutoProxySvc - ok
    18:51:23.0722 4556 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:51:23.0722 4556 Winmgmt - ok
    18:51:23.0831 4556 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    18:51:23.0894 4556 WinRM - ok
    18:51:23.0972 4556 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    18:51:23.0972 4556 WinUsb - ok
    18:51:24.0050 4556 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:51:24.0081 4556 Wlansvc - ok
    18:51:24.0237 4556 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:51:24.0346 4556 wlidsvc - ok
    18:51:24.0393 4556 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:51:24.0408 4556 WmiAcpi - ok
    18:51:24.0471 4556 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:51:24.0471 4556 wmiApSrv - ok
    18:51:24.0486 4556 WMPNetworkSvc - ok
    18:51:24.0502 4556 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:51:24.0549 4556 WPCSvc - ok
    18:51:24.0611 4556 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:51:24.0627 4556 WPDBusEnum - ok
    18:51:24.0658 4556 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:51:24.0658 4556 ws2ifsl - ok
    18:51:24.0689 4556 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    18:51:24.0705 4556 wscsvc - ok
    18:51:24.0705 4556 WSearch - ok
    18:51:24.0845 4556 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    18:51:24.0954 4556 wuauserv - ok
    18:51:25.0095 4556 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:51:25.0235 4556 WudfPf - ok
    18:51:25.0313 4556 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:51:25.0438 4556 WUDFRd - ok
    18:51:25.0454 4556 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:51:25.0516 4556 wudfsvc - ok
    18:51:25.0547 4556 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:51:25.0578 4556 WwanSvc - ok
    18:51:25.0641 4556 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    18:51:25.0672 4556 yukonw7 - ok
    18:51:25.0703 4556 ================ Scan global ===============================
    18:51:25.0734 4556 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:51:25.0766 4556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    18:51:25.0797 4556 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    18:51:25.0859 4556 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:51:25.0875 4556 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:51:25.0906 4556 [Global] - ok
    18:51:25.0906 4556 ================ Scan MBR ==================================
    18:51:25.0922 4556 [ 7D9AB4D37BD50F4B8E37EAB264EDADD4 ] \Device\Harddisk0\DR0
    18:51:26.0967 4556 \Device\Harddisk0\DR0 - ok
    18:51:26.0967 4556 ================ Scan VBR ==================================
    18:51:26.0982 4556 [ 5DC5A89642E4275DC6B52EDB9604762B ] \Device\Harddisk0\DR0\Partition1
    18:51:26.0982 4556 \Device\Harddisk0\DR0\Partition1 - ok
    18:51:27.0014 4556 [ 3E1D402C0BFDBCC1F30FF4F6A5AA5BC5 ] \Device\Harddisk0\DR0\Partition2
    18:51:27.0014 4556 \Device\Harddisk0\DR0\Partition2 - ok
    18:51:27.0060 4556 [ 952925045C1C6BA01C6B008C863EF2A0 ] \Device\Harddisk0\DR0\Partition3
    18:51:27.0060 4556 \Device\Harddisk0\DR0\Partition3 - ok
    18:51:27.0123 4556 [ 2889500F44B86447CE37B928F79CB8A1 ] \Device\Harddisk0\DR0\Partition4
    18:51:27.0138 4556 \Device\Harddisk0\DR0\Partition4 - ok
    18:51:27.0138 4556 ============================================================
    18:51:27.0138 4556 Scan finished
    18:51:27.0138 4556 ============================================================
    18:51:27.0170 4328 Detected object count: 0
    18:51:27.0170 4328 Actual detected object count: 0

    OTL logfile created on: 23/02/2013 18:57:20 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 31.69% Memory free
    5.49 Gb Paging File | 2.47 Gb Available in Paging File | 44.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.48 Gb Total Space | 176.68 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
    Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

    Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    PRC - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2013/02/15 22:31:18 | 001,430,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    PRC - [2013/02/12 09:27:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2013/02/06 09:43:05 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/18 05:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe
    PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/23 08:46:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013/02/23 08:27:53 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
    MOD - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2013/02/06 09:43:03 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/01/15 10:32:45 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
    MOD - [2013/01/11 10:27:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013/01/11 10:26:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/11 10:26:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
    MOD - [2013/01/11 10:25:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
    MOD - [2013/01/11 10:24:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/11 10:24:22 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
    MOD - [2013/01/11 10:24:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
    MOD - [2013/01/11 10:24:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
    MOD - [2013/01/11 10:23:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/11 10:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/11 10:23:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/11 10:23:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/11 10:22:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012/12/18 14:28:12 | 000,305,880 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
    MOD - [2012/12/12 05:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/12/20 16:35:50 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/02/18 09:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
    MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/09/24 00:50:42 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
    MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/08/20 19:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/08/20 19:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/08/20 19:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2009/08/05 04:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/02/08 10:35:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/06 09:43:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/08 12:15:59 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/08/05 05:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/24 07:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
    IE - HKLM\..\SearchScopes,DefaultScope = {3B6E301C-C889-4A2C-89C5-D3C55B956210}
    IE - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=T1ifHWt-20Vz3K58mf4U4m7WwGc?q={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={594214DD-D9B6-4B60-957B-5BFCD993CF28}&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&lang=en&ds=AVG&pr=fr&d=2012-03-10 00:02:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{B1C5C8A9-7DB3-4B39-9E4E-069EA900D100}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/CQNOT/2
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
    FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - prefs.js..extensions.enabledItems: [email protected]:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B9543f3d1-3481-4c9b-a857-ba867fe342b6%7D&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-03-10%2000%3A02%3A18&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/02/01 10:04:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/23 08:30:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 09:43:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 08:36:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 09:43:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 08:36:00 | 000,000,000 | ---D | M]

    [2010/09/24 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions
    [2010/09/23 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/10/23 08:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions
    [2011/06/17 08:13:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/10/17 19:26:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/10 19:37:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\[email protected]
    [2013/02/06 09:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/06 09:42:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/06 09:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    [2013/02/23 08:30:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
    [2013/02/06 09:43:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/06/25 12:17:00 | 000,609,328 | ---- | M] (Hypercosm, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\nphypercosm.dll
    [2013/02/23 08:31:01 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/14 07:54:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 13:28:49 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EPSON Stylus DX4800 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1002..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
    O4 - Startup: C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Ranges: GD ([http] in Local intranet)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/13 17:06:10 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell\AutoRun\command - "" = G:\winopen.exe \start.htm
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/23 18:54:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    [2013/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391}
    [2013/02/14 22:30:48 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/02/14 22:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2013/02/14 19:12:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/14 19:12:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/14 19:12:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/14 19:12:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/14 19:12:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/14 19:12:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/14 19:12:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/14 19:12:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/14 19:12:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/14 19:12:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/14 19:12:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/14 19:12:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/14 19:12:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/14 19:12:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/14 19:12:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/14 10:08:06 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
    [2013/02/13 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
    [2013/02/13 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
    [2013/02/13 09:22:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 09:22:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/13 09:22:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/13 09:22:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/13 09:22:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/13 09:22:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/13 09:22:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/13 09:22:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/13 09:22:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/13 09:21:58 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/12 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
    [2013/02/12 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
    [2013/02/11 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
    [2013/02/10 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
    [2013/02/08 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
    [2013/02/08 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
    [2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2013/02/07 22:58:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2013/02/07 22:58:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2013/02/07 22:58:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2013/02/07 22:58:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2013/02/07 22:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2013/02/07 22:58:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2013/02/07 22:58:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2013/02/07 22:58:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2013/02/07 22:58:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2013/02/07 22:58:49 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2013/02/07 22:58:49 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2013/02/07 22:58:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2013/02/07 22:58:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2013/02/07 22:58:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2013/02/07 22:58:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2013/02/07 22:58:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2013/02/07 22:58:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2013/02/07 22:58:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2013/02/07 22:58:48 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013/02/07 22:58:48 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2013/02/07 22:58:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2013/02/07 22:58:46 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2013/02/07 22:57:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2013/02/07 22:57:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2013/02/07 22:57:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/02/07 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
    [2013/02/07 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
    [2013/02/07 09:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
    [2013/02/06 09:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/06 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
    [2013/02/05 10:55:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/02/05 09:19:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
    [2013/02/04 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
    [2013/02/04 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
    [2013/02/03 14:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
    [2013/02/02 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
    [2013/02/01 10:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/02/01 09:11:52 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
    [2013/01/31 09:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
    [2013/01/31 09:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
    [2013/01/31 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
    [2013/01/30 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
    [2013/01/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
    [2013/01/29 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
    [2013/01/28 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
    [2013/01/27 15:30:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
    [2013/01/26 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
    [2013/01/25 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
    [2013/01/24 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
    [4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    [2013/02/23 18:43:14 | 111,023,119 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2013/02/23 18:40:39 | 000,587,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2013/02/23 18:38:16 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/23 18:38:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
    [2013/02/23 18:37:57 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/23 18:37:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/23 18:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/23 17:09:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
    [2013/02/23 08:55:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/23 08:55:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/02/23 08:26:54 | 000,416,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/23 08:25:20 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/14 19:18:54 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/14 19:18:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/14 19:18:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/11 10:43:04 | 000,313,137 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\BoardingPass.pdf
    [2013/02/08 10:35:18 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/08 10:35:18 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/07 22:51:06 | 000,001,056 | ---- | M] () -- C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/02/07 22:50:33 | 000,001,032 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\Dropbox.lnk
    [2013/02/07 22:07:23 | 000,002,040 | ---- | M] () -- C:\Users\Jo Bowman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/02/05 13:32:42 | 000,178,723 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
    [2013/02/03 14:10:21 | 000,866,251 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
    [4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/11 10:43:02 | 000,313,137 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\BoardingPass.pdf
    [2013/02/05 13:32:40 | 000,178,723 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
    [2013/02/03 14:10:16 | 000,866,251 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
    [2011/01/22 17:36:42 | 000,001,854 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\GhostObjGAFix.xml
    [2011/01/06 18:01:36 | 000,072,080 | ---- | C] () -- C:\Users\Jo Bowman\g2mdlhlpx.exe
    [2010/11/27 08:43:17 | 000,002,370 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 62 bytes -> C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b

    < End of report >

    OTL Extras logfile created on: 23/02/2013 18:57:20 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 31.69% Memory free
    5.49 Gb Paging File | 2.47 Gb Available in Paging File | 44.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.48 Gb Total Space | 176.68 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
    Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

    Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F06894-877B-4462-8C15-B273DEEFC520}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{086E8AD9-FCB9-445A-8341-FF250D6CD112}" = rport=138 | protocol=17 | dir=out | app=system |
    "{33E8C9B6-A119-41A4-A8CB-BA1D374F60DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46991153-ACAE-4967-890F-8FF56776ABA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{488DEF2F-88CD-4E6A-9402-BAF8251B2E24}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4A340E6F-AD72-4539-88C8-8AAD524DE396}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{5C630436-6C16-40BD-945A-5610043F4486}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6204CA4D-5013-4529-896F-1C63D7DA98BF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6A13997A-B9FE-4B52-A7F8-844206D0D049}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{7F7B5B38-0BA4-4C26-886D-270D40CC530A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7FD38448-7448-4DB7-AAD0-01C46C54296C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{87B71137-37A7-4F87-A4C3-869F30D8460F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8B731B1F-1369-4269-B37A-0EDE0A247DA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{99D91145-2534-45D5-AA8C-390A12D4CB07}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AC766175-61F2-4945-A26C-32E57B2D8D0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AE65802E-FFE7-42DB-A634-016CDE9779A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B79E6967-4955-443F-BF00-314C44233AAB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BBC350CD-DAE0-4B27-A01B-E1A7BC224CCF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C57A3A73-64B1-47E6-8E60-091A8CB31C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CCDED883-9060-4BE1-A7F9-3ED55199630E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E0791FF6-B500-4E40-8E81-39ACAC81F59B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E455F4EB-A9E5-474F-9F61-75C4D137366E}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F0BDC35C-05B2-4F66-9E42-7B5B175C81AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F75EF522-427C-4CB4-9CBA-917F3BDE7E68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected]ewallapi.dll,-28539 |
    "{FF5A3842-3B7A-40AF-B343-66308D912510}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{083B59A4-DA70-4319-B906-6C86232946CF}" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "{10F10DB3-51F6-4D23-BAD8-BB180C1B3238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{12551D06-E2D6-4235-A7D5-DC450E9E2018}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{1418575D-F3D4-458F-AE09-7DC8D6B2045E}" = protocol=1 | dir=out | [email protected],-28544 |
    "{165546DB-BDB1-4364-AB50-70CABA22A822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1FB81182-62E3-4CBE-9129-B2F4F6359EC4}" = protocol=58 | dir=out | [email protected],-28546 |
    "{1FC5B328-0000-4AC4-B486-DD2C8859461F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{273C1677-B85B-4D5B-B79B-ABB1B51A8B42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{2A2ED212-4056-4683-BDAD-FA34F777B7CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{37A916D3-334F-4127-A92E-7836EE62351B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{44611FDB-BBE2-4B31-B511-32EBD198A291}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{46EABC21-9904-4F99-A92C-E228080D63C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{478102E6-08F3-462C-A205-F70FF7E3236C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{47E0B5C9-154E-4DC4-8D5B-9C6248159F6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{49F6B60A-1B73-446E-A085-DDB996D09E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{5EE8FEAB-AAFB-4EEA-BC41-90A7E65AF0A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{605F08B5-3E6D-4372-A897-D88AC54D6498}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{636CC741-2B64-4B48-92C5-7F0436DA49D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{68C9DA72-BF0D-4AEA-87A5-D387C390FA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{6C6A7E36-91E0-4A5B-8C13-ACF276FA504C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{6F91CD18-B61B-4ED5-9317-F6AE8343A802}" = protocol=58 | dir=in | [email protected],-28545 |
    "{7423406F-2CEA-43C7-AEFC-1A4D0B6073DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{748405CF-7CDB-4D1B-A14B-B91522297C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{74BF339F-0DCD-4F5F-B8A0-46C1B42A8451}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{8334D303-D609-40EA-9842-DCFC80B4CAF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{85B54D38-BA01-454B-B5C3-F891987CC4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{98830A54-98E2-4384-B097-15AD7E0E8C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9CAF1862-CE9D-4946-A4F9-E8B73C1B970F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9F78426A-93CF-4323-AB54-BE96CEC0C9C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A6A77267-313C-4ED6-A9DA-1253B574E53B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A7D11A65-DF24-4095-BCAE-336A4B5FE070}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A81FE208-1E76-47AF-A5C7-6EAB894CD21A}" = protocol=6 | dir=out | app=system |
    "{B1B1CA28-7005-4895-B8B5-BFB1B3C46DA2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{B3E6D358-7F98-4778-B3D8-7F0B735A3D31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{BEEAC975-0817-484C-AF46-D7D612A54C6A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
    "{BF6289A7-B331-474F-A370-3787D1FDE6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C5511FE0-35FC-4391-A406-76BB4E60E1F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C83A7D1B-043B-48D8-97D5-06F01B6EDEC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF377927-43CD-4E66-90FF-1665825B8DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
    "{D6580117-5A34-4436-A9D1-8A5200605CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D8C20F36-3CD4-454B-8CA3-5CA080B456B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DFEC8CE1-0645-4BF6-8F18-06E9F867B790}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{E6794D92-796D-4E2D-A992-7BA6E4F63A8A}" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "{EBE27D55-A6F6-4551-A1A0-4EEE9A90A446}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{F4B17C81-98DF-41B8-8352-F27CAA8C1ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{F5A13A26-5CCA-4373-9668-DE9CABC6FCF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F781D1F4-753F-4817-B317-653CF077A325}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{FB4F562F-5F78-4181-BA91-D281DA9651F6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
    "{FF463651-5654-4515-BD39-062220619B88}" = protocol=1 | dir=in | [email protected],-28543 |
    "TCP Query User{7902F131-4134-44FD-BA63-8416EFA894D5}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{79767DD8-D8CC-42E5-AEF8-27E7D05AB71B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{68F2D9F0-9693-4100-A9C8-BEAA5BF13A0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{C2CBA964-C861-4EFC-B3DC-EBBA2D78A16C}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
    "{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "AVG" = AVG 2012
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
    "{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 38
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
    "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
    "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
    "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
    "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
    "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
    "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
    "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
    "{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
    "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
    "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
    "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG Secure Search" = AVG Security Toolbar
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "EasyBits Magic Desktop" = Magic Desktop
    "FileZilla Client" = FileZilla Client 3.5.1
    "Google Desktop" = Google Desktop
    "Hypercosm Player 5_is1" = Hypercosm Player 3.42
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "New LEGO Digital Designer" = LEGO Digital Designer
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "UnityWebPlayer" = Unity Web Player (All users)
    "Veetle TV" = Veetle TV 0.9.17
    "WildTangent CDA" = WildTangent Web Driver
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/03/2012 10:59:23 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 188c Start
    Time: 01cd08f7dd5a7ff0 Termination Time: 2669 Application Path: C:\Program Files
    (x86)\Mozilla Firefox\firefox.exe Report Id: 0b399a1c-7b42-11e1-a6af-60eb6900c9d5


    Error - 31/03/2012 10:59:24 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
    Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: cb8 Start
    Time: 01cd0bfb4704fc4a Termination Time: 3783 Application Path: C:\Windows\SysWOW64\DllHost.exe

    Report
    Id:

    Error - 01/04/2012 15:12:23 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 08/04/2012 14:22:13 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 10/04/2012 09:28:53 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 12/04/2012 07:49:41 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 15/04/2012 14:02:34 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 15/04/2012 14:12:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 22/04/2012 14:01:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 24/04/2012 05:01:30 | Computer Name = JoBowman-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: firefox.exe, version: 11.0.0.4454, time
    stamp: 0x4f5ecc44 Faulting module name: mozalloc.dll, version: 11.0.0.4454, time
    stamp: 0x4f5eb7fd Exception code: 0x80000003 Fault offset: 0x0000195d Faulting process
    id: 0x15cc Faulting application start time: 0x01cd188c09c62e89 Faulting application
    path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
    Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 1475d7c7-8dec-11e1-acda-60eb6900c9d5

    [ Hewlett-Packard Events ]
    Error - 02/07/2012 01:17:37 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 02/07/2012 01:18:09 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

    Error - 02/07/2012 01:19:19 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 02/07/2012 01:19:50 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 04/07/2012 01:22:41 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 08/07/2012 14:38:45 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

    Error - 14/07/2012 06:40:06 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 14/07/2012 06:40:56 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 21/07/2012 06:04:06 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

    Error - 28/07/2012 06:51:09 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 09/02/2013 04:22:40 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 09/02/2013 20:55:54 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 10/02/2013 15:52:32 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 10/02/2013 15:52:39 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 11/02/2013 05:01:37 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 11/02/2013 05:01:46 | Computer Name = JoBowman-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 14/02/2013 10:34:45 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 23/02/2013 04:26:11 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 23/02/2013 04:29:23 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
    Description =

    Error - 23/02/2013 04:31:47 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >
     
  9. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello Joob,

    Thanks for coming back. Please complete the following:

    Step 1.
    Uninstall Programs
    I need you to uninstall some program(s).

    1. Click on Start...then... Click the Start Search box on the Start Menu.
    2. Copy and paste the value below, into the open text entry box:
      appwiz.cpl
    3. then press enter.
      • Locate the following program(s):
        Adobe Reader X (10.1.4)
        Java(TM) 6 Update 15 (64-bit)
        Java(TM) SE Development Kit 6 Update 15 (64-bit)
        Java(TM) 6 Update 38
      • Select the program and click on Uninstall to uninstall it.
        Carefully read any prompts...
        Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
      • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.




    Step 2.
    Run OTL Script

    We need to run an OTL Fix

    • Right-click OTL.exe and select " Run as administrator " to run it.
    • Copy and Paste the following code into the textbox. Do not include the word Code
      Code:
      :commands
      [createrestorepoint]
      
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}
      IE - HKLM\..\SearchScopes,DefaultScope = {3B6E301C-C889-4A2C-89C5-D3C55B956210}
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
      O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_38)
      O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell - "" = AutoRun
      O33 - MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\Shell\AutoRun\command - "" = G:\winopen.exe \start.htm
      [2013/02/23 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391}
      [2013/02/14 10:08:06 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6}
      [2013/02/13 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269}
      [2013/02/13 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB}
      [2013/02/12 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02}
      [2013/02/12 09:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D}
      [2013/02/11 09:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67}
      [2013/02/10 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009}
      [2013/02/08 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9}
      [2013/02/08 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB}
      [2013/02/07 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7}
      [2013/02/07 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3}
      [2013/02/07 09:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1}
      [2013/02/06 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239}
      [2013/02/05 09:19:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7}
      [2013/02/04 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6}
      [2013/02/04 09:18:11 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F}
      [2013/02/03 14:08:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015}
      [2013/02/02 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1}
      [2013/02/01 09:11:52 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49}
      [2013/01/31 09:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B}
      [2013/01/31 09:56:35 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5}
      [2013/01/31 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22}
      [2013/01/30 09:08:33 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B}
      [2013/01/29 20:59:43 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05}
      [2013/01/29 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28}
      [2013/01/28 08:39:03 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3}
      [2013/01/27 15:30:29 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3}
      [2013/01/26 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2}
      [2013/01/25 08:58:15 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD}
      [2013/01/24 19:37:20 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED}
      @Alternate Data Stream - 62 bytes -> C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes
      @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b
      @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b
      @Alternate Data Stream - 196 bytes -> C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b
      
      :Commands
      [EMPTYTEMP]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    • Please post the contents of the report in your next reply.


    Step 3.
    ESET online scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Press the Blue Run ESET Online Scanner button on the left side of the page.
    • A popup box will open.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Please include in your next reply:

    1. Contents of OTL.txt log
    2. Contents of ESET log.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  10. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    Thanks for the instructions. No problems carrying them out.

    I think the PC does seem to be running better after removing the progs you said to uninstall.

    Here are the two logs:

    OTL log

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2e27fe-e857-11df-bedb-60eb6900c9d5}\ not found.
    File G:\winopen.exe \start.htm not found.
    C:\Users\Jo Bowman\AppData\Local\{B411FF63-CD07-428D-90CD-397CA575D391} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{1BEE075B-83C1-4857-8914-9721406E2AC6} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{701538C2-1B2A-4EEC-8EBB-EA7AB99C8269} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{94B825D7-BC86-48B5-B376-7E556D9039AB} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{95528A34-D483-4DFE-B665-B8EA113B5A02} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{1971C400-4A98-47BB-82AC-37642821940D} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{2E588501-3AE1-4052-BF70-A8F1CBD3FA67} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{3B167F26-C60F-4C78-BD27-2530AD5A3009} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{0125AE71-3D0B-43A4-9EA6-35F059140AB9} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{C46C11EA-D973-4CA7-984B-2D8A98477CEB} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{04B4E53F-9A79-4DC2-AEC7-E2A9298E94C7} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{B464F0D1-2867-4ED8-9EFC-66E46C4A3DF3} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{8239A43F-9100-4B42-A04C-6E6219FE4DC1} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{F57CF64F-2FA5-4956-B3C3-45BDE2425239} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{96DA4015-4297-477D-BF22-51EB154171F7} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{B9D35063-E10C-43D6-8829-9B1ADF8D5EF6} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{2BC91E1A-6D0E-4031-8DC1-E39341E8745F} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{D3450F29-A240-46C3-95EE-84BD06FD8015} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{63B60081-3774-4D18-970E-122B18A579D1} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{16F21B80-8A21-445A-9578-8FB3C2170F49} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{46723F74-7A11-43DE-B43F-ADDF44679A6B} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{76F9B119-7DED-43B7-B6E6-9472CF97F3C5} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{432F1F80-CA65-4525-BD63-156C8B115E22} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{A3E2C8A5-8092-49B1-BC02-7304030B4F5B} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{E5AEF1FC-E97A-4B7F-B656-531580A59A05} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{EB8C347A-1D2C-4051-B5CC-12E8462A5D28} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{31756685-BC7B-49A4-9380-FB7F444798F3} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{60636521-F69E-47E9-82C3-FCEC5AD035B3} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{DC9DB91B-ED43-4AEB-9701-F165F168E7E2} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{F348F5CE-8F1A-4D54-8970-77E77E13B6CD} folder moved successfully.
    C:\Users\Jo Bowman\AppData\Local\{C148AB45-72C5-4866-9E3B-24B8D1C51DED} folder moved successfully.
    ADS C:\Users\Jo Bowman\Desktop\DSCF0822.JPG:com.dropbox.attributes deleted successfully.
    ADS C:\Users\Jo Bowman\Desktop\Hnerfletter.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
    ADS C:\Users\Jo Bowman\Desktop\Hnerfdesign.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
    ADS C:\Users\Jo Bowman\Desktop\H report.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HomeGroupUser$
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jo Bowman
    ->Temp folder emptied: 1444949600 bytes
    ->Temporary Internet Files folder emptied: 757501378 bytes
    ->Java cache emptied: 3379922 bytes
    ->FireFox cache emptied: 78488178 bytes
    ->Opera cache emptied: 623013 bytes
    ->Flash cache emptied: 255037 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 591041490 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67572 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 19658468 bytes

    Total Files Cleaned = 2,762.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02272013_095542

    Files\Folders moved on Reboot...
    C:\Users\Jo Bowman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{31DE0B88-73AB-479A-873C-C136DA79C4F7}.tmp not found!
    File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{419A536F-813B-49C9-AC9D-C57B19D32D23}.tmp not found!
    File\Folder C:\Users\Jo Bowman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8B6F602C-D2B7-45B5-BC5B-69921D54896E}.tmp not found!
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\startupCache\startupCache.4.little moved successfully.
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Jo Bowman\AppData\Local\Mozilla\Firefox\Profiles\zafgcdd4.default\_CACHE_CLEAN_ moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    ESET Log
    [email protected] as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=dafb2e243cbf74478a23d0d483eef086
    # engine=13251
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-02-27 03:18:18
    # local_time=2013-02-27 03:18:18 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1035 16777213 100 98 24232 50799908 0 0
    # compatibility_mode=5893 16776574 100 94 15757876 114443348 0 0
    # scanned=262697
    # found=0
    # cleaned=0
    # scan_time=15796
     
  11. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Greetings Joob,

    So far it's looking good. Please run OTL again, then Malwarebytes and post the results.

    Step 1.
    OTL
    You should still have this on your Desktop.

    1. Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




    Step 2.
    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do the following:

    • Launch the application.
    • One of 2 things will happen:
      • The program will be so outdated that it will automatically invoke a complete re-install; or
      • The program will check, update the database and then run.
      If it does a complete re-install, be sure to follow the prompts.
    • Perform Quick Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




    Please include in your next reply:

    1. Contents of OTL.txt
    2. Contents of Extras.txt
    3. Contents of mbam-log-date (time).txt
    4. Any problem executing the instructions?
    5. How is the computer behaving?

    Thanks,
    wbg
     
  12. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    Hi wbg

    Many thanks. Here are the logs you asked for.
    The PC does indeed seem to be booting more quickly and running a little faster.
    No problems executing your instructions.
    Thanks.


    OTL logfile created on: 02/03/2013 19:08:38 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.04% Memory free
    5.49 Gb Paging File | 3.11 Gb Available in Paging File | 56.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.48 Gb Total Space | 182.49 Gb Free Space | 64.15% Space Free | Partition Type: NTFS
    Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

    Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 10:11:50 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    PRC - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    PRC - [2013/02/12 09:27:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/27 10:11:48 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/02/23 08:48:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
    MOD - [2013/02/23 08:46:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013/02/23 08:27:53 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
    MOD - [2013/02/23 08:27:52 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2013/01/14 07:24:40 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
    MOD - [2013/01/11 10:24:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/11 10:24:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
    MOD - [2013/01/11 10:23:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/11 10:23:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/11 10:23:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/11 10:22:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/05 01:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2010/09/24 00:50:42 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
    MOD - [2010/09/23 22:50:13 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2009/08/20 19:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2009/08/20 19:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2009/08/20 19:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2009/08/05 04:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2013/02/27 12:32:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/27 10:11:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/23 08:27:52 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/02 03:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/22 01:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/02 21:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/08 12:15:59 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/05 05:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/24 07:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/22 01:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 21:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/03/09 13:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{3B6E301C-C889-4A2C-89C5-D3C55B956210}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=T1ifHWt-20Vz3K58mf4U4m7WwGc?q={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={594214DD-D9B6-4B60-957B-5BFCD993CF28}&mid=7c26e8835b61c8b241f4d930617def63-5348167602a57f87a8b0ae6f4e9cf1466d299058&lang=en&ds=AVG&pr=fr&d=2012-03-10 00:02:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{B1C5C8A9-7DB3-4B39-9E4E-069EA900D100}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-158352679-13925165-2501972755-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
    FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - prefs.js..extensions.enabledItems: [email protected]:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@hypercosm.com/HypercosmPlayer: C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll (Hypercosm, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo Bowman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/02/01 10:04:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/23 08:30:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 10:11:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 10:11:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/27 10:11:50 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 10:11:30 | 000,000,000 | ---D | M]

    [2010/09/24 01:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions
    [2010/09/23 23:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2013/03/01 10:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions
    [2011/06/17 08:13:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013/03/01 10:05:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/10 19:37:58 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Jo Bowman\AppData\Roaming\Mozilla\Firefox\Profiles\zafgcdd4.default\extensions\[email protected]
    [2013/02/27 10:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/02/27 10:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/23 08:30:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
    [2013/02/27 10:11:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/06/25 12:17:00 | 000,609,328 | ---- | M] (Hypercosm, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\nphypercosm.dll
    [2013/02/23 08:31:01 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/14 07:54:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/27 10:11:47 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-158352679-13925165-2501972755-1001..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo Bowman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-158352679-13925165-2501972755-1001\..Trusted Ranges: GD ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70D1987D-6908-4004-B0B2-F73269F6ECD8}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A694F8AE-6277-4740-B6C3-8AE5E5123E0B}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/13 17:06:10 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/02 16:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{AF2CAD28-F30D-46B0-A2D3-7F2820E151E0}
    [2013/03/01 09:03:25 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EA1B6D53-4CF0-4C12-B289-1ECB59B787B4}
    [2013/02/28 08:52:48 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/02/28 08:52:47 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/02/28 08:52:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/02/28 08:52:46 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/02/28 08:52:29 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/02/28 08:52:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/02/28 08:52:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/02/28 08:52:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/28 08:52:19 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/28 08:52:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/28 08:52:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/28 08:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/28 08:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/28 08:52:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/28 08:52:19 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/28 08:52:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/02/28 08:52:17 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/02/28 08:52:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/02/28 08:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/28 08:52:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/28 08:52:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/28 08:52:12 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/02/28 08:52:12 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/02/28 08:52:12 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/02/28 08:52:12 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/02/28 08:52:12 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/02/28 08:52:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/02/28 08:52:11 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/02/28 08:52:11 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/02/28 08:52:11 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/02/28 08:52:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/02/28 08:52:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/02/28 08:52:09 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/02/28 08:52:09 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/02/28 08:50:37 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{70D923E1-7E84-4F6C-8936-D25F9BC5A9B0}
    [2013/02/27 11:32:18 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/02/27 10:51:33 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jo Bowman\Desktop\esetsmartinstaller_enu.exe
    [2013/02/27 10:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/27 09:55:42 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/27 08:31:18 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{CAB67E3E-CFB7-48E5-90E5-0172F303BFBF}
    [2013/02/26 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{3E4DF413-EF6C-4A5B-8CE7-3FFF84057562}
    [2013/02/25 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{EEB38AAB-60F5-4069-84AD-21E203784756}
    [2013/02/25 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{5CC80E4A-AB16-41AA-9C13-2966E9AB3EB7}
    [2013/02/24 11:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/02/24 11:11:41 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{AEE5AC91-EA1F-4E59-89ED-C453F081BA94}
    [2013/02/23 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\{E4F46742-728A-4782-ADDF-251844FE517B}
    [2013/02/23 20:06:07 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/02/23 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Jo Bowman\AppData\Local\Programs
    [2013/02/23 18:54:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    [2013/02/14 22:30:48 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/02/14 22:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2013/02/14 19:12:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/14 19:12:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/14 19:12:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/14 19:12:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/14 19:12:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/14 19:12:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/14 19:12:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/14 19:12:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/14 19:12:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/14 19:12:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/14 19:12:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/14 19:12:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/14 19:12:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/14 19:12:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/14 19:12:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/13 09:22:24 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 09:22:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/13 09:22:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/13 09:22:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/13 09:22:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/13 09:22:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/13 09:22:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/13 09:22:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/13 09:22:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/13 09:21:58 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2013/02/07 22:58:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2013/02/07 22:58:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2013/02/07 22:58:52 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2013/02/07 22:58:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2013/02/07 22:58:50 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2013/02/07 22:58:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2013/02/07 22:58:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2013/02/07 22:58:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2013/02/07 22:58:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2013/02/07 22:58:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2013/02/07 22:58:49 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2013/02/07 22:58:49 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2013/02/07 22:58:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2013/02/07 22:58:49 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2013/02/07 22:58:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2013/02/07 22:58:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2013/02/07 22:58:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2013/02/07 22:58:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2013/02/07 22:58:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2013/02/07 22:58:48 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013/02/07 22:58:48 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2013/02/07 22:58:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2013/02/07 22:58:46 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2013/02/07 22:57:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2013/02/07 22:57:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2013/02/07 22:57:25 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/02/05 10:55:13 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/02/05 10:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/02/01 10:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/02 19:06:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/02 19:06:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/02 19:04:59 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001Core.job
    [2013/03/02 19:04:53 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/02 19:04:30 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-158352679-13925165-2501972755-1001UA.job
    [2013/03/02 19:04:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/02 19:04:15 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/02 19:03:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/02 16:28:53 | 111,726,909 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2013/02/28 09:23:48 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/27 12:32:38 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/27 12:32:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/27 12:32:24 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/02/27 10:51:34 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jo Bowman\Desktop\esetsmartinstaller_enu.exe
    [2013/02/27 10:32:57 | 000,002,040 | ---- | M] () -- C:\Users\Jo Bowman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/02/23 20:01:03 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/23 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo Bowman\Desktop\OTL.exe
    [2013/02/23 18:40:39 | 000,587,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2013/02/23 08:27:53 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/02/23 08:26:54 | 000,416,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/14 19:18:54 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/14 19:18:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/14 19:18:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/07 22:51:06 | 000,001,056 | ---- | M] () -- C:\Users\Jo Bowman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/02/07 22:50:33 | 000,001,032 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\Dropbox.lnk
    [2013/02/05 13:32:42 | 000,178,723 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
    [2013/02/03 14:10:21 | 000,866,251 | ---- | M] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
    [4 C:\Users\Jo Bowman\Desktop\*.tmp files -> C:\Users\Jo Bowman\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/05 13:32:40 | 000,178,723 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\writingItalian.pdf
    [2013/02/03 14:10:16 | 000,866,251 | ---- | C] () -- C:\Users\Jo Bowman\Desktop\25k-raster-legend.pdf
    [2011/01/22 17:36:42 | 000,001,854 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\GhostObjGAFix.xml
    [2011/01/06 18:01:36 | 000,072,080 | ---- | C] () -- C:\Users\Jo Bowman\g2mdlhlpx.exe
    [2010/11/27 08:43:17 | 000,002,370 | ---- | C] () -- C:\Users\Jo Bowman\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >


    OTL Extras logfile created on: 02/03/2013 19:08:38 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo Bowman\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.04% Memory free
    5.49 Gb Paging File | 3.11 Gb Available in Paging File | 56.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.48 Gb Total Space | 182.49 Gb Free Space | 64.15% Space Free | Partition Type: NTFS
    Drive D: | 13.31 Gb Total Space | 2.21 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.87 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

    Computer Name: JOBOWMAN-PC | User Name: Jo Bowman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03F06894-877B-4462-8C15-B273DEEFC520}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{086E8AD9-FCB9-445A-8341-FF250D6CD112}" = rport=138 | protocol=17 | dir=out | app=system |
    "{33E8C9B6-A119-41A4-A8CB-BA1D374F60DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46991153-ACAE-4967-890F-8FF56776ABA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{488DEF2F-88CD-4E6A-9402-BAF8251B2E24}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{4A340E6F-AD72-4539-88C8-8AAD524DE396}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{5C630436-6C16-40BD-945A-5610043F4486}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6204CA4D-5013-4529-896F-1C63D7DA98BF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{6A13997A-B9FE-4B52-A7F8-844206D0D049}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{7F7B5B38-0BA4-4C26-886D-270D40CC530A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7FD38448-7448-4DB7-AAD0-01C46C54296C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{87B71137-37A7-4F87-A4C3-869F30D8460F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8B731B1F-1369-4269-B37A-0EDE0A247DA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{99D91145-2534-45D5-AA8C-390A12D4CB07}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AC766175-61F2-4945-A26C-32E57B2D8D0D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AE65802E-FFE7-42DB-A634-016CDE9779A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B79E6967-4955-443F-BF00-314C44233AAB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BBC350CD-DAE0-4B27-A01B-E1A7BC224CCF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C57A3A73-64B1-47E6-8E60-091A8CB31C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CCDED883-9060-4BE1-A7F9-3ED55199630E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E0791FF6-B500-4E40-8E81-39ACAC81F59B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E455F4EB-A9E5-474F-9F61-75C4D137366E}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F0BDC35C-05B2-4F66-9E42-7B5B175C81AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F75EF522-427C-4CB4-9CBA-917F3BDE7E68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{FF5A3842-3B7A-40AF-B343-66308D912510}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{083B59A4-DA70-4319-B906-6C86232946CF}" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "{10F10DB3-51F6-4D23-BAD8-BB180C1B3238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{12551D06-E2D6-4235-A7D5-DC450E9E2018}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{1418575D-F3D4-458F-AE09-7DC8D6B2045E}" = protocol=1 | dir=out | [email protected],-28544 |
    "{165546DB-BDB1-4364-AB50-70CABA22A822}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1FB81182-62E3-4CBE-9129-B2F4F6359EC4}" = protocol=58 | dir=out | [email protected],-28546 |
    "{1FC5B328-0000-4AC4-B486-DD2C8859461F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{273C1677-B85B-4D5B-B79B-ABB1B51A8B42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{2A2ED212-4056-4683-BDAD-FA34F777B7CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{37A916D3-334F-4127-A92E-7836EE62351B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{44611FDB-BBE2-4B31-B511-32EBD198A291}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{46EABC21-9904-4F99-A92C-E228080D63C1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{478102E6-08F3-462C-A205-F70FF7E3236C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{47E0B5C9-154E-4DC4-8D5B-9C6248159F6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{49F6B60A-1B73-446E-A085-DDB996D09E2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{5EE8FEAB-AAFB-4EEA-BC41-90A7E65AF0A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{605F08B5-3E6D-4372-A897-D88AC54D6498}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{636CC741-2B64-4B48-92C5-7F0436DA49D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{68C9DA72-BF0D-4AEA-87A5-D387C390FA8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{6C6A7E36-91E0-4A5B-8C13-ACF276FA504C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{6F91CD18-B61B-4ED5-9317-F6AE8343A802}" = protocol=58 | dir=in | [email protected],-28545 |
    "{7423406F-2CEA-43C7-AEFC-1A4D0B6073DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{748405CF-7CDB-4D1B-A14B-B91522297C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{74BF339F-0DCD-4F5F-B8A0-46C1B42A8451}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{8334D303-D609-40EA-9842-DCFC80B4CAF5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{85B54D38-BA01-454B-B5C3-F891987CC4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{98830A54-98E2-4384-B097-15AD7E0E8C76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9CAF1862-CE9D-4946-A4F9-E8B73C1B970F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9F78426A-93CF-4323-AB54-BE96CEC0C9C7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A6A77267-313C-4ED6-A9DA-1253B574E53B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A7D11A65-DF24-4095-BCAE-336A4B5FE070}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A81FE208-1E76-47AF-A5C7-6EAB894CD21A}" = protocol=6 | dir=out | app=system |
    "{B1B1CA28-7005-4895-B8B5-BFB1B3C46DA2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{B3E6D358-7F98-4778-B3D8-7F0B735A3D31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{BEEAC975-0817-484C-AF46-D7D612A54C6A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
    "{BF6289A7-B331-474F-A370-3787D1FDE6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{C5511FE0-35FC-4391-A406-76BB4E60E1F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C83A7D1B-043B-48D8-97D5-06F01B6EDEC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF377927-43CD-4E66-90FF-1665825B8DA6}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
    "{D6580117-5A34-4436-A9D1-8A5200605CA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D8C20F36-3CD4-454B-8CA3-5CA080B456B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DFEC8CE1-0645-4BF6-8F18-06E9F867B790}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{E6794D92-796D-4E2D-A992-7BA6E4F63A8A}" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "{EBE27D55-A6F6-4551-A1A0-4EEE9A90A446}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{F4B17C81-98DF-41B8-8352-F27CAA8C1ACF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{F5A13A26-5CCA-4373-9668-DE9CABC6FCF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F781D1F4-753F-4817-B317-653CF077A325}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{FB4F562F-5F78-4181-BA91-D281DA9651F6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |
    "{FF463651-5654-4515-BD39-062220619B88}" = protocol=1 | dir=in | [email protected],-28543 |
    "TCP Query User{7902F131-4134-44FD-BA63-8416EFA894D5}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{79767DD8-D8CC-42E5-AEF8-27E7D05AB71B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{68F2D9F0-9693-4100-A9C8-BEAA5BF13A0A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{C2CBA964-C861-4EFC-B3DC-EBBA2D78A16C}C:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jo bowman\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8EBE1375-11F7-482D-936C-4C575F3D9BCB}" = AVG 2012
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
    "{F2A13695-0BD3-47E2-91E0-2F5DB86FA439}" = AVG 2012
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "AVG" = AVG 2012
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
    "{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
    "{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
    "{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
    "{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
    "{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
    "{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
    "{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
    "{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
    "{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
    "{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
    "{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
    "{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
    "{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG Secure Search" = AVG Security Toolbar
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "EasyBits Magic Desktop" = Magic Desktop
    "FileZilla Client" = FileZilla Client 3.5.1
    "Google Desktop" = Google Desktop
    "Hypercosm Player 5_is1" = Hypercosm Player 3.42
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "New LEGO Digital Designer" = LEGO Digital Designer
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "UnityWebPlayer" = Unity Web Player (All users)
    "Veetle TV" = Veetle TV 0.9.17
    "WildTangent CDA" = WildTangent Web Driver
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-158352679-13925165-2501972755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 25/03/2012 16:04:16 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 28/03/2012 11:11:24 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 31/03/2012 10:59:23 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 11.0.0.4454 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 188c Start
    Time: 01cd08f7dd5a7ff0 Termination Time: 2669 Application Path: C:\Program Files
    (x86)\Mozilla Firefox\firefox.exe Report Id: 0b399a1c-7b42-11e1-a6af-60eb6900c9d5


    Error - 31/03/2012 10:59:24 | Computer Name = JoBowman-PC | Source = Application Hang | ID = 1002
    Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: cb8 Start
    Time: 01cd0bfb4704fc4a Termination Time: 3783 Application Path: C:\Windows\SysWOW64\DllHost.exe

    Report
    Id:

    Error - 01/04/2012 15:12:23 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 08/04/2012 14:22:13 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 10/04/2012 09:28:53 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 12/04/2012 07:49:41 | Computer Name = JoBowman-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 15/04/2012 14:02:34 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 15/04/2012 14:12:17 | Computer Name = JoBowman-PC | Source = Windows Backup | ID = 4103
    Description =

    [ Hewlett-Packard Events ]
    Error - 16/06/2012 06:51:51 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: TargetSite: Void UpdateAndDetect()

    Error - 23/06/2012 08:14:15 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 23/06/2012 08:15:18 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

    Error - 30/06/2012 05:56:38 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 30/06/2012 05:57:06 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: 70 TargetSite: Void UpdateAndDetect()

    Error - 02/07/2012 01:17:37 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 02/07/2012 01:18:09 | Computer Name = JoBowman-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2812 Ram Utilization: 80 TargetSite: Void UpdateAndDetect()

    Error - 02/07/2012 01:19:19 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 02/07/2012 01:19:50 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 04/07/2012 01:22:41 | Computer Name = JoBowman-PC | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 24/02/2013 02:44:12 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 24/02/2013 07:36:38 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 24/02/2013 09:03:26 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
    Description =

    Error - 24/02/2013 09:05:15 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 26/02/2013 05:12:29 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 27/02/2013 05:55:42 | Computer Name = JoBowman-PC | Source = Service Control Manager | ID = 7034
    Description = The Adobe Acrobat Update Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 27/02/2013 06:27:37 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 27/02/2013 08:58:01 | Computer Name = JoBowman-PC | Source = DCOM | ID = 10010
    Description =

    Error - 27/02/2013 11:44:38 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 28/02/2013 05:23:52 | Computer Name = JoBowman-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter


    < End of report >

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.24.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jo Bowman :: JOBOWMAN-PC [administrator]

    02/03/2013 19:43:00
    mbam-log-2013-03-02 (19-43-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 229776
    Time elapsed: 6 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  13. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello joob,

    My pleasure. :)


    Your latest set of logs appears to be clean! :D

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


    Clean up with OTL

    • Double-click OTL.exe to start the program. This tool will remove all the tools we used to clean your PC.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    You can now delete any tools we used if they remain on your Desktop.


    Create a new, clean System Restore point

    • Create a new, clean System Restore point which you can use in case of future system problems:
    • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
    • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
    • Now remove old, infected System Restore points:
    • Next click Start >> Run and type cleanmgr in the box and press OK
    • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
    • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    • Press OK and Yes to confirm



    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    Now we need to deal with security vulnerabilities
    Here are some optional free programs I recommend that could help you improve your computer's security.

    Install WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
    For more information, please visit HERE


    MVPS Hosts

    Install MVPS Hosts File From Here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    You can find the tutorial HERE


    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer
    You can do that HERE

    Read some information HERE on how to prevent malware

    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Safe surfing!
     
  14. joob

    joob Thread Starter

    Joined:
    Feb 9, 2013
    Messages:
    20
    Hi wannabeageek

    I've done all that and will follow the advice for keeping on top of malware in the future.
    Thanks so much for your help and the best of luck to you.
     
Short URL to this thread: https://techguy.org/1088825
