Initially I found that every time I started Firefox I was getting a Claro search page. When I looked in about:config I found that there were many new lines that this program had put in. I therefore uninstalled Firefox and reinstalled it but it does not seem to have made a difference as my home page keeps reverting to http://www.claro-sea...0006894234cfe3b Additionally Firefox will not function properly and freezes after almost every action for a minute or two. Internet Explorer has the same problem but additionally I have seen that when I am typing in the address bar there is a note that keystrokes are being sent to Funmoods.
I have run OTL and it has produced 2 logs, OTL.txt and Extras.txt and I have pasted them both below. Thanks for looking
OTL logfile created on: 15/11/2012 14:16:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
5.89 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 60.63% Memory free
6.83 Gb Paging File | 4.19 Gb Available in Paging File | 61.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.46 Gb Total Space | 771.82 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
Drive D: | 19.29 Gb Total Space | 2.41 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Computer Name: BOBSLAPTOP | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/15 14:15:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Downloads\OTL.exe
PRC - [2012/11/13 15:02:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/06 23:36:17 | 000,381,952 | ---- | M] (Richard Walters) -- C:\Program Files\WindowsApps\61908RichardWalters.Calculator_1.2.0.0_neutral__486nvj664v5b0\Calculator.exe
PRC - [2012/11/06 23:34:49 | 000,328,704 | ---- | M] () -- C:\Program Files\WindowsApps\BritishSkyBroadcasting.SkyNews_2.0.0.0_neutral__0b9xnhb6xcwd0\SkyNewsMetroAppV2.exe
PRC - [2012/11/06 11:05:25 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/08/02 17:12:50 | 000,363,520 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2012/07/27 17:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 12:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 17:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/08/26 13:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/15 03:00:37 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\26631dce93820b4014ba67465efac61b\System.ServiceModel.Internals.ni.dll
MOD - [2012/11/15 03:00:35 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e605b0a9c51eba20698abe1e9454f4ad\SMDiagnostics.ni.dll
MOD - [2012/11/10 09:05:50 | 000,778,752 | ---- | M] () -- C:\Users\Bob\AppData\Local\Packages\britishskybroadcasting.skynews_0b9xnhb6xcwd0\AC\Microsoft\CLR_v4.0_32\NativeImages\SkyNewsMetroAppV2\b393553d79a7f7a578795a3eba7168a8\SkyNewsMetroAppV2.ni.exe
MOD - [2012/11/10 09:05:37 | 000,228,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\42801090e9e55f6d54873e3e78ac5dec\Windows.Data.ni.dll
MOD - [2012/11/10 09:05:36 | 000,369,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\a83cfe81241698ebece6e96a85092ae7\Windows.Media.ni.dll
MOD - [2012/11/08 11:14:21 | 000,254,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Security\1d556f6b67d7c7123ab5e6cd7d8806ea\Windows.Security.ni.dll
MOD - [2012/11/06 23:34:49 | 000,328,704 | ---- | M] () -- C:\Program Files\WindowsApps\BritishSkyBroadcasting.SkyNews_2.0.0.0_neutral__0b9xnhb6xcwd0\SkyNewsMetroAppV2.exe
MOD - [2012/11/06 18:25:23 | 000,491,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\03a51168ac38f02837119a0d17d089a1\Windows.Networking.ni.dll
MOD - [2012/11/06 18:25:20 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\cdd306cf62450d70b26c9e7450bff7cb\System.Xml.XmlSerializer.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt1e58aa76#\d88aca120da1d63b8c347522892e9c07\System.Runtime.Extensions.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Resoc6338000#\4f88d44d61a2cdc1780ed2158b582164\System.Resources.ResourceManager.ni.dll
MOD - [2012/11/06 18:25:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Globalization\72651ffd4c66014be969f8a656f8e83f\System.Globalization.ni.dll
MOD - [2012/11/06 18:25:19 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\54c69c977ff9a658e8a08c778acf8d87\Windows.System.ni.dll
MOD - [2012/11/06 18:25:19 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Linq\e70098e0c1b6d0e94560528760906d50\System.Linq.ni.dll
MOD - [2012/11/06 18:25:19 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO\46679839334570d7cc384907601e2a02\System.IO.ni.dll
MOD - [2012/11/06 18:25:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Threading\f31f3c925641b0d24c33b605eaa9c49f\System.Threading.ni.dll
MOD - [2012/11/06 18:25:15 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\edfcb7e3566636e5b217b27ee46eeb48\Windows.Storage.ni.dll
MOD - [2012/11/06 18:25:15 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\1f75b3bc8b600cfd0795648deded93d9\System.Threading.Tasks.ni.dll
MOD - [2012/11/06 18:25:14 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\46d2e71101161dd6adb9a99ebeae74d6\Windows.UI.ni.dll
MOD - [2012/11/06 18:25:14 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\b337f4341111cd7a350504ce4b311cf3\Windows.Foundation.ni.dll
MOD - [2012/11/06 18:25:14 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\58bc08ad1dabed6a81e20f29fc6eb3a5\System.ObjectModel.ni.dll
MOD - [2012/11/06 18:25:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\c79d18b16dbb00ba4ef12532d77203a0\Windows.ApplicationModel.ni.dll
MOD - [2012/11/06 18:25:12 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\e1ef225f558b609cb9a42f6abf128e07\Windows.Globalization.ni.dll
MOD - [2012/11/06 18:25:12 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Collections\dce00d20c8120e4ff649f68485584754\System.Collections.ni.dll
MOD - [2012/11/06 18:25:11 | 002,861,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\03ddb80a4598082f9216c75509b20746\Windows.UI.Xaml.ni.dll
MOD - [2012/11/06 18:25:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\6421c9e67e19d33cb3c73622ed14559f\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2012/11/06 18:25:05 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\ed2713f880338ecfdfe3d592fd6eb974\System.Runtime.ni.dll
MOD - [2012/11/06 18:22:08 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\706fd0ae4e6906a398010738d98ae675\System.Xml.ni.dll
MOD - [2012/11/06 18:21:46 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\c402deb90dbd9f38c70ba75a4baae738\System.Runtime.WindowsRuntime.ni.dll
MOD - [2012/11/06 18:21:46 | 000,099,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\15bdf99674c73c1169086ae7af7c8933\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2012/11/06 18:21:45 | 002,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7a9337d3cb714dec10962b4d63372e27\System.Runtime.Serialization.ni.dll
MOD - [2012/11/06 18:21:43 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\3038abde22eda435cbd20b33d0d49cc4\System.Net.Http.ni.dll
MOD - [2012/11/06 18:21:37 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5aff4168e8ba07f0f39dbabff3bbf6b\System.Configuration.ni.dll
MOD - [2012/11/06 18:21:18 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9587421a7c7653b171bc5a2e5a1fffab\System.Core.ni.dll
MOD - [2012/11/06 18:21:14 | 009,926,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c0a96107dfc55d74bbc2f775d1a0f1c2\System.ni.dll
MOD - [2012/11/06 18:21:08 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\939f2968bc3436f588bb23c6c7cee671\mscorlib.ni.dll
MOD - [2012/11/06 11:05:24 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/24 17:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/10/11 11:17:06 | 002,069,528 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/27 13:50:34 | 000,333,312 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2012/07/10 17:04:10 | 000,062,976 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2012/07/10 16:59:40 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2012/07/10 16:26:44 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/06/08 10:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/09/20 09:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 06:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/20 06:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 06:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/20 06:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/07/26 03:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/26 03:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 03:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 03:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 03:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 03:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/22 07:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/04/20 13:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/11/06 17:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/06 11:05:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 17:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/11 02:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012/09/20 08:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/10 16:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/08 11:09:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/02 10:56:46 | 001,544,192 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 03:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/26 03:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/18 01:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 01:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 01:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 01:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/14 16:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/10 17:11:20 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/07/09 12:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/11/21 20:32:02 | 000,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\tepsrv.exe -- (tepsrv)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/06 17:01:07 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/10/09 01:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/04 01:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/04 01:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/04 01:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/09/20 08:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/09/20 07:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/09/20 07:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 07:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 07:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 07:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 07:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 07:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/20 07:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/09/20 07:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 06:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/20 06:08:40 | 000,117,632 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2012/09/20 06:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/09/18 17:51:20 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/09/07 02:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/07 01:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/08/24 09:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/24 09:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 09:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 14:24:28 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/08/10 14:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/09 13:48:18 | 000,695,392 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2012/08/08 21:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/08 20:46:34 | 000,048,736 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2012/08/08 05:17:54 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/03 13:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/07/31 19:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/31 08:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 05:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 05:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 04:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 04:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/26 02:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 02:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Unknown] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 02:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 02:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 22:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/22 07:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/19 16:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 13:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/29 02:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/25 09:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 21:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 15:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 10:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/01/11 18:11:54 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV - [2012/11/05 15:26:18 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/05 15:26:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/05 15:26:18 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/05 15:26:18 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/11/03 06:37:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/23 23:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...0006894234cfe3b
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00070B1A-A569-B82E-3F6E-55413938BB1E}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...yE&cr=894205108
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{78F939B8-B5C2-4BD4-AEC0-6360FB28260E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2012/11/14 15:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2012/11/05 15:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/13 15:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/14 15:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/13 15:17:51 | 000,000,000 | ---D | M]
[2012/11/14 15:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2012/11/14 15:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\oisbga57.default\extensions
[2012/11/14 15:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 17:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 17:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 17:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/07/26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D31D2A-9A94-4576-B40B-38146B93F409}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38FE2CC8-EB4F-4E70-A369-E1DD12386933}: DhcpNameServer = 40.24.1.201 40.24.1.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf6fcdfa-2a61-11e2-be75-6894234cfe3a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/14 15:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/11/14 14:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/11/13 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
[2012/11/13 15:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Shredder
[2012/11/13 15:17:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/13 15:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/13 15:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/13 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/11/13 15:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/11/13 15:02:46 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/11/13 15:02:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Real
[2012/11/13 15:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/11/13 14:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/13 14:53:00 | 000,000,000 | ---D | C] -- C:\Restoration
[2012/11/13 14:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2012/11/12 22:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracks Eraser Pro
[2012/11/12 22:34:52 | 000,277,504 | ---- | C] (Nektra S.A.) -- C:\Windows\SysWow64\oestore.dll
[2012/11/12 22:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acesoft
[2012/11/11 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Adobe
[2012/11/11 15:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/11/11 15:12:48 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\New folder
[2012/11/09 12:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/11/09 12:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/09 12:48:42 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Google
[2012/11/09 12:20:11 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Skype
[2012/11/09 12:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/09 12:20:02 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/09 12:20:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/09 12:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/09 11:42:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\{34A0B027-EAB3-4299-94F5-0F23174E7A18}
[2012/11/09 10:47:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/09 10:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/11/09 10:47:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/11/09 10:47:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/09 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp
[2012/11/09 10:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2012/11/09 10:46:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\OpenCandy
[2012/11/09 10:45:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/09 10:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents\HP Photo Creations
[2012/11/06 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Visan
[2012/11/06 22:55:26 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\OneNote Notebooks
[2012/11/06 22:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/11/06 22:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012/11/06 22:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/11/06 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/11/06 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft Help
[2012/11/06 22:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/11/06 22:47:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/11/06 17:07:16 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2012/11/06 17:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/11/06 17:02:17 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/06 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/06 16:30:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Identities
[2012/11/06 15:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\ids
[2012/11/06 15:12:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Car
[2012/11/06 12:24:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple Computer
[2012/11/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Apple Computer
[2012/11/06 12:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/06 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 12:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/06 12:23:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Apple
[2012/11/06 12:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/11/06 12:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/06 12:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/11/06 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2012/11/06 11:25:58 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HpUpdate
[2012/11/06 11:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/11/06 11:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/11/06 11:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/11/06 11:17:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2012/11/06 11:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/11/06 10:55:37 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\HP
[2012/11/06 10:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/11/05 16:46:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\hpqlog
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Mozilla
[2012/11/05 16:09:57 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Mozilla
[2012/11/05 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/05 16:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 16:03:36 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Macromedia
[2012/11/05 15:26:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Hewlett-Packard
[2012/11/05 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Hewlett-Packard
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Bluetooth
[2012/11/05 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\bluesoleil
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\Searches
[2012/11/05 15:06:25 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/05 15:06:24 | 000,000,000 | R--D | C] -- C:\Users\Bob\Contacts
[2012/11/05 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Adobe
[2012/11/05 15:06:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/11/05 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Power2Go8
[2012/11/05 15:04:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/05 15:03:20 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\VirtualStore
[2012/11/05 15:03:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2012/11/05 15:03:04 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Packages
[2012/11/05 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/05 15:02:09 | 000,000,000 | --SD | C] -- C:\Users\Bob\AppData\Roaming\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\Desktop
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/05 15:02:09 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2012/11/05 15:02:09 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Temp
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Microsoft
[2012/11/05 15:02:09 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Videos
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Saved Games
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Pictures
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Music
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Links
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Favorites
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Downloads
[2012/11/05 15:02:08 | 000,000,000 | R--D | C] -- C:\Users\Bob\Documents
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.system.package.metadata
[2012/11/05 15:02:08 | 000,000,000 | -H-D | C] -- C:\Users\Bob\Documents\hp.applications.package.appdata
========== Files - Modified Within 30 Days ==========
[2012/11/15 13:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 13:53:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 13:42:10 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/15 12:53:57 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 00:27:16 | 001,711,535 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2012/11/14 20:26:59 | 000,000,821 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012/11/14 20:23:56 | 000,004,524 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/11/14 20:23:54 | 000,000,043 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/11/14 20:23:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 20:20:02 | 000,000,231 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/14 15:12:10 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/14 15:12:10 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/14 15:12:10 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/14 15:11:48 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 15:07:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2012/11/14 15:07:18 | 768,622,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 15:17:59 | 000,000,972 | ---- | M] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 15:02:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/11/13 14:57:08 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:28 | 000,290,500 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:28 | 000,031,465 | ---- | M] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:57 | 000,001,160 | ---- | M] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/12 11:50:14 | 000,002,967 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/09 22:57:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | M] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:46 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:20:03 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 11:37:47 | 000,336,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:46:53 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:27 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 22:55:26 | 000,001,310 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:14:17 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/11/06 17:11:16 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 17:10:19 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121008.022
[2012/11/06 17:04:15 | 000,000,060 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 12:24:44 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 11:25:54 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/10/19 12:07:54 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\isolate.ini
========== Files Created - No Company Name ==========
[2012/11/14 15:11:48 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/14 15:11:46 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/13 15:17:58 | 000,000,972 | ---- | C] () -- C:\Users\Bob\Desktop\File Shredder.lnk
[2012/11/13 15:03:10 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/11/13 14:57:08 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/11/13 14:52:34 | 000,290,500 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/13 14:52:32 | 000,031,465 | ---- | C] () -- C:\Users\Bob\AppData\Local\funmoods.crx
[2012/11/12 22:34:56 | 000,001,160 | ---- | C] () -- C:\Users\Bob\Desktop\Tracks Eraser Pro.lnk
[2012/11/09 22:57:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012/11/09 22:13:20 | 000,067,986 | ---- | C] () -- C:\Users\Bob\Documents\LGW285XX227E.pdf
[2012/11/09 12:49:45 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/09 12:48:49 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 12:48:48 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 12:20:03 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/09 11:37:39 | 000,336,040 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 10:46:53 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2012/11/06 23:42:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2012/11/06 23:03:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/11/06 22:55:25 | 000,001,310 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/11/06 17:04:15 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/06 17:04:10 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 17:04:09 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk
[2012/11/06 15:13:35 | 000,361,934 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012/11/06 15:13:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2012/11/06 15:13:12 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/11/06 15:12:05 | 001,008,075 | ---- | C] () -- C:\Users\Bob\Documents\VillaAdria.xps
[2012/11/06 15:12:05 | 000,005,454 | ---- | C] () -- C:\Users\Bob\Documents\Trees RegisterSY330651[1].pdf
[2012/11/06 15:12:04 | 000,301,038 | ---- | C] () -- C:\Users\Bob\Documents\Travel Insurance for India.pdf
[2012/11/06 15:12:01 | 001,312,616 | ---- | C] () -- C:\Users\Bob\Documents\Tallinn_en.pdf
[2012/11/06 15:12:01 | 000,033,421 | -H-- | C] () -- C:\Users\Bob\Documents\songs.rtf
[2012/11/06 15:11:59 | 001,346,606 | ---- | C] () -- C:\Users\Bob\Documents\Riga_en.pdf
[2012/11/06 15:11:57 | 000,536,480 | ---- | C] () -- C:\Users\Bob\Documents\RAC_Policy_ Corsa.pdf
[2012/11/06 15:11:56 | 000,005,201 | ---- | C] () -- C:\Users\Bob\Documents\perftest - Shortcut.lnk
[2012/11/06 15:11:54 | 001,491,728 | ---- | C] () -- C:\Users\Bob\Documents\Mobile User Guide K700.pdf
[2012/11/06 15:11:52 | 000,000,423 | ---- | C] () -- C:\Users\Bob\Documents\Le Mans.html
[2012/11/06 15:11:51 | 000,106,967 | ---- | C] () -- C:\Users\Bob\Documents\itinerary.xps
[2012/11/06 15:11:50 | 001,468,523 | ---- | C] () -- C:\Users\Bob\Documents\Israel & Palestine Territories - Jerusalem (Chapter).pdf
[2012/11/06 15:11:49 | 000,002,052 | ---- | C] () -- C:\Users\Bob\Documents\Invoice.htm
[2012/11/06 15:11:46 | 000,614,409 | ---- | C] () -- C:\Users\Bob\Documents\Epsom44.pdf
[2012/11/06 15:11:44 | 001,583,860 | ---- | C] () -- C:\Users\Bob\Documents\ELECTION.jpg
[2012/11/06 15:11:43 | 000,156,788 | ---- | C] () -- C:\Users\Bob\Documents\Chingoma to Addis Ababa xls.pdf
[2012/11/06 15:11:43 | 000,023,018 | ---- | C] () -- C:\Users\Bob\Documents\chelsea BADGE.jpg
[2012/11/06 15:11:42 | 000,510,718 | ---- | C] () -- C:\Users\Bob\Documents\ccsetup123.exe
[2012/11/06 15:11:42 | 000,061,074 | ---- | C] () -- C:\Users\Bob\Documents\cc_20051224_1802.reg
[2012/11/06 15:11:41 | 000,532,081 | ---- | C] () -- C:\Users\Bob\Documents\cardoman club conf.xps
[2012/11/06 12:24:43 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/06 12:23:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/06 12:12:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2012/11/06 12:09:18 | 000,002,967 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012/11/06 12:08:21 | 000,000,231 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012/11/06 11:26:02 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/11/06 11:25:53 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:53 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3000 J310 series.lnk
[2012/11/06 11:25:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/11/06 11:05:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 15:06:20 | 000,001,434 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/05 15:06:01 | 000,002,226 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2012/11/05 15:06:00 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2012/11/05 15:05:59 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2012/09/18 17:30:05 | 000,004,524 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012/09/18 17:30:05 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012/08/10 16:45:30 | 000,000,821 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2012/08/08 05:18:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/08 05:17:52 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/08 05:17:50 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/03 22:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/27 13:50:34 | 000,333,312 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 20:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 20:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 20:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/07/10 17:04:10 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2012/07/10 16:59:40 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2012/07/10 16:26:44 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2012/07/10 16:26:44 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2012/07/10 16:26:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2012/07/10 16:26:44 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2012/07/10 16:26:44 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/06/13 07:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/04 20:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2012/08/16 20:00:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/10/11 05:45:39 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/10/11 05:07:29 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/11/13 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Babylon
[2012/11/09 10:46:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenCandy
[2012/11/05 15:04:34 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Synaptics
[2012/11/09 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUp Software
[2012/11/11 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\TuneUpMedia
[2012/11/06 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Visan
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 15/11/2012 14:16:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
5.89 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 60.63% Memory free
6.83 Gb Paging File | 4.19 Gb Available in Paging File | 61.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.46 Gb Total Space | 771.82 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
Drive D: | 19.29 Gb Total Space | 2.41 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Computer Name: BOBSLAPTOP | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Shred With Tracks Eraser Pro] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Shred With Tracks Eraser Pro] -- C:\Program Files (x86)\Acesoft\Tracks Eraser Pro\fileshred.exe %1 (Acesoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04909704-570B-452D-9A7A-F63B957F90BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{069AE9F2-A467-434F-8F5C-CB1B2B13D715}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1094082E-44CA-4157-9CE2-58E09B244F5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1613F03B-A0FC-4784-9F5D-58A823BBD3F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{22698059-8293-4073-8D34-17BE6813F58B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{46A66B46-C44C-4C6B-BEE0-D2A87B331AA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4778A3B2-BFF5-41C9-A5D5-440DF96FB98F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B3AA776-8616-41D1-B9F2-8BAB5B33A34D}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D6FCF03-F7E1-4544-B42F-EBF65167F461}" = lport=137 | protocol=17 | dir=in | app=system |
"{60DC2EF2-A286-40F0-AFE8-187F426DEAAA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7155161E-4229-4496-9437-ACA5329C5D32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{727E5371-5731-4EA1-9F23-A66C402825DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{859BA2FF-8D2A-4EF3-8780-193E84F60E7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{892E50A7-7D02-4A18-AA7D-833E2F6AE3B1}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DB634A9-66B5-43A4-852E-819507527149}" = lport=138 | protocol=17 | dir=in | app=system |
"{93954726-2CA4-48C4-A17B-36F8DB7793A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A38E4FE2-A20C-4868-828E-13685922E1FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A9DE21CC-4407-4EF7-A2D3-4EA822E70D65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE2151B4-2644-4B83-B95E-D84B2C3F1644}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF047AB1-4ED9-4C5F-A895-3F9C32F6D601}" = rport=138 | protocol=17 | dir=out | app=system |
"{BEC26B81-D4B8-4914-A8A7-F61E5B1CEAD6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7233BB2-04C6-4A1E-A729-AFCCB850C9E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F1E0A333-EE60-47FE-BA12-E3975E49EC8C}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011014E5-333B-4514-A81C-B67EEE60BDDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{03FAE64E-BF19-46BD-990C-4139948E3FE6}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{078E2929-DB70-452F-914D-A0D60F8C6AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{09CFA2F7-FDBF-46EC-B57A-20EE60B5274C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0C0A116B-47A3-44A7-A208-CFD18B098CB8}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0F13CE5D-E226-44D3-BAC8-D3AC4E7FD08B}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1BEC32E1-0DD5-4393-A7C8-E4C657B8CAAB}" = protocol=1 | dir=out | [email protected],-28544 |
"{1CAF90EF-588F-4207-A1A7-3DB7F781EB2D}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{1E8CD739-CB70-49B8-B640-BAA882EE6C91}" = dir=out | name=national rail enquiries |
"{27F0B5F3-4FA8-473E-BCB0-558EDB905425}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{283A7023-48F8-467F-A51D-EFC6D9AEBFEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A5DB40F-6AEF-447E-91FE-36CEF41B4E5F}" = protocol=58 | dir=out | [email protected],-28546 |
"{2C296D02-90DD-4600-AA5A-83109295C11C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{371BF8E0-0E18-414D-B703-0D3B4D84EF5C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{376D59C5-BCF9-4375-8B91-F62CB666BC17}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3955B721-3115-4D38-9B38-EC8C1E2E5C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C229153-0966-48D3-B467-59F1018A7A29}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3EC378B5-298B-42B7-8148-17151B9237C9}" = dir=out | name=hp connected photo powered by snapfish |
"{3EF35806-C4E1-45C8-A002-4C874DFC7886}" = dir=out | name=getting started with windows 8 |
"{3FD29425-7A43-427E-A48A-97A49FEEA26B}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{41AD2E57-E420-4434-BBDD-23E27C82BA39}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{465EF04C-C67B-49DA-9F8D-9EC663F03E05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49812522-70F6-426F-AE8B-67E51E3D0473}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49FDA019-A97D-4324-8BD9-FE4DE9B04B14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{553B2B80-1492-4B68-B5DA-759D617AD35A}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{561D6132-85EE-42A7-BFE1-55262FCC6630}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{574A9CB4-3759-4E19-9DF5-86CFE6F681ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59D60411-5266-4B0E-906B-11D134111C19}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{62E9EC49-6487-4225-99B8-52C7D133FAE4}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{662232C2-EFA2-4592-85D3-D7578EDB1B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{68BF1E7F-67C0-4F1B-969F-F0A4270F6D7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6A6D446F-1C54-47EC-AE5F-995B591F0956}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AC85AEC-9EC4-4033-8509-5728F76C71E3}" = protocol=58 | dir=in | [email protected],-28545 |
"{71FD83DD-0368-43CC-B699-B57167DA9F00}" = dir=out | name=sky news |
"{73F3272D-919D-46A8-B7C1-6DE9F2350673}" = dir=in | name=ebay |
"{74B9DB35-8B61-4932-844E-38B854758630}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{755AFE5C-771A-4ED7-9F0B-D61191AC5099}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{782D79EE-99EB-42E9-A0DF-0381199C8BD4}" = dir=out | name=calculator² |
"{7A3E2CF0-6D06-445D-9293-009569009AD5}" = dir=out | name=ebay |
"{7E337F56-D60B-4FCA-A619-BDD66A49B210}" = dir=out | name=wikipedia |
"{7FFFCCFA-6E84-4C56-9F00-BF09B68E68A8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{86899BEB-CDB0-49CF-A1DF-A63C3E8A9460}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{89406223-8A17-45B1-AF54-31E1CE6F15FA}" = dir=out | name=norton studio |
"{8AAE2B5B-3E2B-4EEC-9CC9-DA42B9E6909D}" = protocol=6 | dir=out | app=system |
"{94400154-00AB-4E54-938F-D8DAAE9E6DAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{980003D1-B103-4846-A1B7-FCE240377AC5}" = dir=out | name=hp registration |
"{9D8B73BA-98AB-4C16-9075-D9D89CE7FCC2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E16DDFE-CC7E-4487-B387-F98F0DB69C08}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicatorcom.exe |
"{A1970B55-2BF8-433D-9B9A-1A33F519AC5B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A1A5983F-B5C2-4ABA-9CAC-53120B18076F}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A2CDBC12-6D8A-46DF-99D6-1EAAB8DF52DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3ADCDF8-2D8C-4ECB-ADEA-EED512936CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{AB6E1643-59BB-4017-8BB2-FB1ACF1B5747}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{AF9918AD-6B50-4F17-9F8D-5BF79B2BEFD2}" = protocol=1 | dir=in | [email protected],-28543 |
"{AFD91B15-834C-46D6-B143-FA1F9DAE8193}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{B11E8882-8CBC-491C-BF63-5C25251480CB}" = dir=out | name=google search |
"{B64D7E5C-6D04-4F4E-97FA-98D2FEAF6481}" = dir=out | name=@{microsoft.zunemusic_1.1.137.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B8826631-6A22-479B-8DDE-331858CDE131}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{B9D13DCD-8465-4D94-8539-3A6AFC22B4EB}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C1AA3091-FAC8-49D6-82DA-7E0EB3022A31}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{C31F8740-6F1C-421A-BB89-51CF76F972DB}" = dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{CB38DF93-9298-4471-815D-919341A571CC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{D3F7AD13-F22B-4DE8-9812-C869CD89589C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4BD51FB-AB70-4C26-98A8-E10C79F5B103}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D8758972-B1AB-439E-BEE4-C88BEA4D3553}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DDC6EE12-EF69-4AE3-9D5B-354E58397690}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E3CE7892-B246-47C4-95E1-54F2CD2D75BC}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EC41597F-0B5F-4233-A307-B2155E15FADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE0C58A9-812C-4AFD-8C28-E6489DEB6B58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFF86DBD-0EDA-4D68-B445-63D7C8BCBEDA}" = dir=out | name=hp printer control |
"{F478B02E-9E96-45FE-8A02-47490CF7A74E}" = dir=in | name=hp printer control |
"{FE31B915-AF81-4839-92A6-769E34AF20B9}" = dir=in | name=hp connected photo powered by snapfish |
"{FEC27D2E-E315-4FC1-8A91-DD195DF4E3B6}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}" = Ralink Bluetooth Stack64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73A0F534-1455-4340-9747-5CE7D2825869}" = HP Deskjet 3000 J310 series Product Improvement Study
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8D4C9954-7EFA-4BCD-8EA0-E654E7013A40}" = HP Deskjet 3000 J310 series Basic Device Software
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{F244D07D-1876-4CDD-914D-214E15A8D327}" = HP 3D DriveGuard
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}" = HP Documentation
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"File Shredder_is1" = File Shredder 2.0
"funmoods" = Funmoods
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"RealPlayer 15.0" = RealPlayer
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Tracks Eraser Pro_is1" = Tracks Eraser Pro v8.8 build 1001
"TuneUpMedia" = TuneUp 2.4.6.4
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0277131d-4166-4824-a16d-d7f9d62f2a32" = Mahjongg Artifacts
"WTA-0fef7120-f837-4db9-a93d-0e2e96e64dc5" = Trinklit Supreme
"WTA-18085ec4-908b-4300-b344-5561de0d539a" = Crazy Chicken Soccer
"WTA-21bd7ca7-4ca5-418a-83b0-db888aed8426" = Ranch Rush 2 - Premium Edition
"WTA-3a4984d0-8de5-46a5-a8c5-b849c4e1b60e" = Zuma's Revenge
"WTA-46584c58-4169-4a61-a1d4-d78ce24b4bca" = Virtual Families
"WTA-58df2672-1d75-4634-b40f-7c509d14aef9" = Jewel Match 3
"WTA-5d115c9b-4c2b-4cef-9f57-d572ef4ae942" = Build-a-lot 4 - Power Source
"WTA-614356ca-ab7a-429a-8324-238236710591" = Bejeweled 3
"WTA-620fd5a7-86e2-48e8-a87e-8f26d0749100" = Farm Frenzy
"WTA-64ba2c69-6373-4f32-8c30-a7ff027371a3" = Mystery of Mortlake Mansion
"WTA-6c293bc3-d436-4053-ab12-f846a29de511" = Cradle of Rome 2
"WTA-73ee9e27-dc4c-45db-8cdd-56c632f9fe48" = Governor of Poker 2 Premium Edition
"WTA-8aa65c9b-ae02-4b16-9ea0-a7a77a76a4e0" = Jewel Quest Solitaire 2
"WTA-8de0a914-4203-4dd8-bb6c-67c9f3ae9cf4" = Final Drive Fury
"WTA-8f0dea5a-8aed-477d-b356-36508758c1e7" = 7 Wonders II
"WTA-9fd2f560-246a-442e-b7d8-a892af9fd343" = Aloha TriPeaks
"WTA-a33ad5dc-a9c9-4e73-9c47-ddda80a51ceb" = Chuzzle Deluxe
"WTA-a8499fbd-cee6-4a71-a18a-f72b910d2c7b" = Jewel Quest II
"WTA-aa36582d-fe16-4f0e-9b05-d8c2080aec46" = Polar Bowler
"WTA-b99191e0-5131-4708-825f-a5b54d991b7b" = Wedding Dash
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13/11/2012 11:48:02 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5750
Error - 13/11/2012 11:48:02 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5750
Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6922
Error - 13/11/2012 11:48:03 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6922
Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8109
Error - 13/11/2012 11:48:04 | Computer Name = BobsLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8109
Error - 13/11/2012 13:44:03 | Computer Name = BobsLaptop | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe
was terminated because it took too long to suspend.
Error - 13/11/2012 13:44:53 | Computer Name = BobsLaptop | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 172c Start
Time: 01cdbe703fe2b7ff Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe
Report
Id: b8b252e6-2db9-11e2-be75-6894234cfe3a Faulting package full name: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe
Faulting
package-relative application ID: Microsoft.WindowsLive.Mail
[ System Events ]
Error - 06/11/2012 11:21:20 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 11:33:20 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 11:45:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 11:57:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 12:09:21 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 12:21:19 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 12:33:18 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 12:45:19 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 13:57:15 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
Error - 06/11/2012 18:45:18 | Computer Name = BobsLaptop | Source = bowser | ID = 8003
Description =
< End of report >