1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Google looks weird.

Discussion in 'Malware Removal Help' started by Erik Chard, Jan 27, 2013.

  1. Erik Chard

    Erik Chard

    Joined:
    Jan 27, 2013
    Messages:
    4
    Operating System:
    Windows 7
    My home page on both Internet Explorer and Google Chrome is google.com
    This morning, I opened Chrome, and google looked like this: [​IMG]

    I opened internet explorer, and it was the same.
    Google.com/NCR doesn't change it either
    I live in the US, but I decided to check and it's also messed up for google.co.uk
    However, google.com.au, google.com.hk, and many of the other foreign googles look normal.
    I ran a full virus scan with Malwarebytes, and did a computer cleaning with CCleaner and it didn't change anything.
    Anybody have any idea what could possibly be the problem?
     
  2. woodyblade

    woodyblade Inactive Staff Member

    Joined:
    Dec 20, 2009
    Messages:
    720
    Operating System:
    Windows 8
    Hi,

    Firstly I would check what programs have installed recently, make sure there are no toolbars or anything you don't recognise.

    Please follow these instructions as I think something must be installed causing the pages to render the wrong website, post the results back to this thread once done, I'll get one of the Malware staff to have a look at this for you - http://computerhelpforums.net/threads/preparation-for-malware-removal-help.4818/
     
  3. Erik Chard

    Erik Chard

    Joined:
    Jan 27, 2013
    Messages:
    4
    Operating System:
    Windows 7

    Attached Files:

  4. Erik Chard

    Erik Chard

    Joined:
    Jan 27, 2013
    Messages:
    4
    Operating System:
    Windows 7
  5. woodyblade

    woodyblade Inactive Staff Member

    Joined:
    Dec 20, 2009
    Messages:
    720
    Operating System:
    Windows 8
    Sorry for the late reply, I believe you have some sort of virus to cause the redirect, or a slight possibility something has changed your DNS settings but this would have likely been via a virus, if you could follow the thread below and post the results to this I can get one of the Malware staff here to have a look for you.
    http://computerhelpforums.net/threads/preparation-for-malware-removal-help.4818/
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Erik,

    Woodyblade asked me to take a look at your thread.

    As he suggested, this may have been cause by a recent program install ( all sorts of rubbish get added now to an install)
    We can check that and run an additional program to check your hosts file.... just in case the problem lies there.

    Here's what i'd like you to do:

    Step 1
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Delete button.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Step 2
    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check
    .

    .
    [​IMG]

    Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

      [​IMG]
      .
    • Click the Run Scan button.

      [​IMG]
    • Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


    In your next reply, please submit:
    ADWCleaner report
    and both reports from OTL


    Thanks.
     
  7. Erik Chard

    Erik Chard

    Joined:
    Jan 27, 2013
    Messages:
    4
    Operating System:
    Windows 7
    Hey, sorry that I'm just getting back to you. I ran both of the programs and here are the reports:

    AdwCleaner:
    # AdwCleaner v2.113 - Logfile created 02/27/2013 at 18:47:26
    # Updated 23/02/2013 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : gameroom - GAMEROOM-HP
    # Boot Mode : Normal
    # Running from : C:\Users\gameroom\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : WajamUpdater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\searchplugins\WebSearch.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\Program Files (x86)\Wajam
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Browse2save
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\RightClick
    Folder Deleted : C:\Users\gameroom\AppData\Local\APN
    Folder Deleted : C:\Users\gameroom\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\gameroom\AppData\Local\Wajam
    Folder Deleted : C:\Users\gameroom\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\gameroom\AppData\LocalLow\Browse2save
    Folder Deleted : C:\Users\gameroom\AppData\LocalLow\Search-NewTab
    Folder Deleted : C:\Users\gameroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Folder Deleted : C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\5116758a15e51@5116758a15e8c.com
    Folder Deleted : C:\Users\gameroom\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\gameroom\AppData\Roaming\Optimizer Pro

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Alexa Internet
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v4.0.1 (en-US)

    File : C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\prefs.js

    C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.20");
    Deleted : user_pref("browser.startup.homepage", "hxxps://isearch.avg.com?cid=%7Bbc7047ad-5891-4f19-bf0d-c0492a[...]
    Deleted : user_pref("extensions.enabledAddons", "{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0,{82AF8DCA-6DE9-405[...]
    Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bbc7047ad-5891-4f19-bf0d-c0492a72b2f1[...]
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\gameroom\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [8204 octets] - [27/02/2013 18:47:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [8264 octets] ##########


    OTL.txt

    OTL logfile created on: 2/27/2013 7:01:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gameroom\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    5.75 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 72.30% Memory free
    11.50 Gb Paging File | 9.21 Gb Available in Paging File | 80.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.33 Gb Total Space | 697.60 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.35% Space Free | Partition Type: NTFS
    Drive G: | 453.58 Gb Total Space | 406.24 Gb Free Space | 89.56% Space Free | Partition Type: NTFS
    Drive H: | 12.08 Gb Total Space | 1.49 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
    Computer Name: GAMEROOM-HP | User Name: gameroom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - C:\Users\gameroom\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe ()
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - \\.\globalroot\systemroot\svchost.exe ()
    PRC - \\.\globalroot\systemroot\svchost.exe ()
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    ========== Modules (No Company Name) ==========
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
    MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
    ========== Services (SafeList) ==========
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (vToolbarUpdater12.1.3) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe ()
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe (Symantec Corporation)
    SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
    SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    ========== Driver Services (SafeList) ==========
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symtdiv.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\cchpx64.sys (Symantec Corporation)
    DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
    DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0404000.00C\symds64.sys (Symantec Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130227.003\ex64.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130227.003\eng64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130226.002\IDSviA64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{1EECAEDA-C6C3-4727-97C8-A3E4B47CCACD}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{3418D63A-550B-41F4-B980-BD37F23CC90F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{5024B748-E2F7-4821-B920-3D964F597034}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{7D693D4A-6699-45B8-8D77-63BF5143D7B1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{1EECAEDA-C6C3-4727-97C8-A3E4B47CCACD}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{3418D63A-550B-41F4-B980-BD37F23CC90F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{5024B748-E2F7-4821-B920-3D964F597034}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{7D693D4A-6699-45B8-8D77-63BF5143D7B1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{1EECAEDA-C6C3-4727-97C8-A3E4B47CCACD}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{3418D63A-550B-41F4-B980-BD37F23CC90F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKCU\..\SearchScopes\{5024B748-E2F7-4821-B920-3D964F597034}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{56AA9076-F01B-E7F5-FDE8-595510203E62}: "URL" = http://www.amazon.com/websearch/ref..._15_15_20120429_US_ie_ds_&query={searchTerms}
    IE - HKCU\..\SearchScopes\{7552E88D-CDC5-40EE-BC01-193FBDA9FF7A}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{7D693D4A-6699-45B8-8D77-63BF5143D7B1}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{D9EF5128-9CE1-4A37-A613-1243BE8E0E71}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    ========== FireFox ==========
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/18 03:02:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/19 21:10:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2013/02/27 18:54:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 11:16:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/07 19:08:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 11:16:14 | 000,000,000 | ---D | M]
    [2011/03/06 21:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Extensions
    [2013/02/27 18:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions
    [2013/02/10 20:08:16 | 000,000,000 | ---D | M] (Search-NewTab) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\511675d85b43c@511675d85b475.com
    [2012/07/20 22:44:44 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\extension@freepricealerts.com
    [2012/07/20 22:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\extension@freepricealerts.com\chrome
    [2012/07/20 22:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\extension@freepricealerts.com\defaults
    [2012/12/29 20:18:30 | 000,491,479 | ---- | M] () (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\abb@amazon.com.xpi
    [2012/04/11 21:39:30 | 000,001,850 | ---- | M] () (No name found) -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\extensions\xgtbvsjvrp@xgtbvsjvrp.org.xpi
    [2012/04/29 16:06:39 | 000,001,212 | ---- | M] () -- C:\Users\gameroom\AppData\Roaming\Mozilla\Firefox\Profiles\q0ur9g92.default\searchplugins\amazon-distro.xml
    [2012/06/28 09:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/14 15:02:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/28 09:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2011/08/09 19:52:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/29 22:44:21 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
    ========== Chrome ==========
    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\gameroom\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: registryAccess (Enabled) = C:\Users\gameroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.2.0_0\background/registryAccess.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\gameroom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v460.cab (FuturemarkSystemInfoX Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67090656-D476-4EC9-92E1-75B155F1A3E9}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{407ea072-b55b-11df-82a6-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{407ea072-b55b-11df-82a6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\launcher.exe
    O33 - MountPoints2\{5c4bb72d-d35d-11e0-9fbd-d48564ac3c47}\Shell - "" = AutoRun
    O33 - MountPoints2\{5c4bb72d-d35d-11e0-9fbd-d48564ac3c47}\Shell\AutoRun\command - "" = M:\setup.exe
    O33 - MountPoints2\{a9819f85-5bc7-11e2-8fd8-d48564ac3c47}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9819f85-5bc7-11e2-8fd8-d48564ac3c47}\Shell\AutoRun\command - "" = N:\MotoCastSetup.exe -a
    O33 - MountPoints2\{fb83d8a9-574b-11e0-a7ee-d48564ac3c47}\Shell - "" = AutoRun
    O33 - MountPoints2\{fb83d8a9-574b-11e0-a7ee-d48564ac3c47}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
    O33 - MountPoints2\N\Shell - "" = AutoRun
    O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe - (Hewlett-Packard Company)
    MsConfig:64bit - StartUpFolder: C:^Users^gameroom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk - C:\Users\gameroom\FrostWire\FrostWire.exe - (FrostWire Group)
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: GameXN (news) - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: GameXN (update) - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
    MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: PUSH Wallpaper - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
    ========== Files/Folders - Created Within 30 Days ==========
    [2013/02/27 18:58:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gameroom\Desktop\OTL.exe
    [2013/02/19 15:22:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/19 15:22:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/19 15:22:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/19 15:22:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/19 15:22:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/19 15:22:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/19 15:22:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/19 15:22:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/19 15:22:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/19 15:22:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/19 15:22:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/19 15:22:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/19 15:22:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/19 15:22:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/19 15:22:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/16 12:39:56 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013/02/16 12:39:56 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013/02/16 12:39:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013/02/16 12:39:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/16 12:39:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013/02/16 12:39:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/16 12:39:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013/02/16 12:39:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/16 12:39:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013/02/16 12:39:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/02/16 12:39:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/16 12:39:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/16 12:39:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/16 12:39:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013/02/16 12:39:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/16 12:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/16 12:39:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013/02/16 12:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/16 12:39:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013/02/16 12:39:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013/02/16 12:39:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/16 12:39:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013/02/16 12:39:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013/02/16 12:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013/02/16 12:39:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013/02/16 12:39:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/16 12:39:23 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/09 11:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent Demo
    [2013/02/09 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\gameroom\AppData\Roaming\NCdownloader
    [2013/02/09 10:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
    [2013/02/09 10:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\X86
    [2013/02/09 10:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solibo Ltd
    [2013/02/09 10:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64
    [2013/02/08 13:58:04 | 000,000,000 | ---D | C] -- C:\Users\gameroom\Desktop\Drew
    [2013/02/08 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\gameroom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHitZone.com
    [2013/02/08 13:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHitZone.com
    [2013/02/08 13:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameHitZone.com
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2013/02/27 19:01:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/27 19:01:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/27 18:59:08 | 000,745,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/27 18:59:08 | 000,637,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/27 18:59:08 | 000,112,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/27 18:58:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gameroom\Desktop\OTL.exe
    [2013/02/27 18:58:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/27 18:54:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/27 18:54:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/27 18:53:45 | 334,974,975 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/27 18:50:34 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForgameroom.job
    [2013/02/27 18:47:50 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/27 18:46:48 | 000,594,019 | ---- | M] () -- C:\Users\gameroom\Desktop\AdwCleaner.exe
    [2013/02/20 03:24:17 | 000,290,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/19 16:25:50 | 000,001,297 | ---- | M] () -- C:\Users\gameroom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
    [2013/02/19 16:25:49 | 000,001,273 | ---- | M] () -- C:\Users\gameroom\Desktop\Play HP Games.lnk
    [2013/02/19 15:33:28 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2013/02/16 13:05:19 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
    [2013/02/16 12:53:07 | 000,117,534 | ---- | M] () -- C:\Users\gameroom\Desktop\wtfgoogle.png
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2013/02/27 18:47:31 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/27 18:46:38 | 000,594,019 | ---- | C] () -- C:\Users\gameroom\Desktop\AdwCleaner.exe
    [2013/02/19 16:25:49 | 000,001,297 | ---- | C] () -- C:\Users\gameroom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
    [2013/02/19 16:25:49 | 000,001,273 | ---- | C] () -- C:\Users\gameroom\Desktop\Play HP Games.lnk
    [2013/02/16 13:05:19 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
    [2013/02/16 12:51:17 | 000,117,534 | ---- | C] () -- C:\Users\gameroom\Desktop\wtfgoogle.png
    [2012/12/24 13:47:04 | 000,006,601 | ---- | C] () -- C:\Users\gameroom\.recently-used.xbel
    [2012/12/04 16:48:42 | 000,762,120 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/20 22:52:09 | 000,004,608 | ---- | C] () -- C:\Users\gameroom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/12 14:24:30 | 000,000,066 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/20 20:05:12 | 000,000,414 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2011/12/24 10:34:37 | 000,000,023 | ---- | C] () -- C:\Users\gameroom\jagexappletviewer.preferences
    [2011/12/23 23:08:04 | 000,000,032 | ---- | C] () -- C:\Users\gameroom\jagex_cl_runescape_LIVE.dat
    [2011/12/19 19:48:17 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/12/19 19:48:17 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/12/18 12:52:14 | 000,162,178 | ---- | C] () -- C:\Windows\hphins32.dat.temp
    [2011/12/18 12:52:14 | 000,000,632 | ---- | C] () -- C:\Windows\hphmdl32.dat.temp
    [2011/12/18 11:04:33 | 000,162,178 | ---- | C] () -- C:\Windows\hphins32.dat
    [2011/11/06 12:07:40 | 000,001,854 | ---- | C] () -- C:\Users\gameroom\AppData\Roaming\GhostObjGAFix.xml
    [2011/10/27 21:04:53 | 000,114,008 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/05/20 15:19:38 | 000,001,940 | ---- | C] () -- C:\Users\gameroom\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/14 15:06:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/02/09 16:10:33 | 000,000,117 | ---- | C] () -- C:\Users\gameroom\jagex_runescape_preferences2.dat
    [2011/02/09 16:09:43 | 000,000,034 | ---- | C] () -- C:\Users\gameroom\jagex_runescape_preferences.dat
    ========== ZeroAccess Check ==========
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    ========== LOP Check ==========
    [2012/07/09 11:40:22 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\.minecraft
    [2012/05/23 20:44:01 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Atari
    [2012/06/23 20:56:43 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Builds
    [2012/09/23 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\DAEMON Tools Lite
    [2011/08/30 18:56:34 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\DAEMON Tools Pro
    [2012/07/08 01:46:11 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Deckadance19
    [2012/10/25 20:01:38 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Dropbox
    [2011/12/01 19:36:52 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\flightgear.org
    [2011/03/28 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\fltk.org
    [2012/05/23 20:06:05 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\FrostWire
    [2012/12/25 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\gtk-2.0
    [2012/07/07 23:48:07 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Image-Line
    [2011/05/14 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Leadertech
    [2013/02/09 11:11:42 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\NCdownloader
    [2011/12/11 19:48:58 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\NetMedia Providers
    [2010/12/25 13:34:36 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\PictureMover
    [2011/12/07 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Publish Providers
    [2012/07/20 22:52:09 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Solveig Multimedia
    [2012/07/08 01:46:11 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\SongManager
    [2012/01/16 17:35:44 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Sony
    [2012/12/15 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Spore
    [2011/12/01 19:37:03 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Subversion
    [2012/07/07 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\SynthMaker
    [2011/01/15 23:31:57 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Tific
    [2012/03/30 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Tourney Master 3 ES1 Ultimate
    [2012/12/04 16:49:09 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\TP
    [2013/01/04 22:05:17 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\WildTangent
    [2011/01/23 11:15:44 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\WinBatch
    [2011/08/06 20:50:38 | 000,000,000 | ---D | M] -- C:\Users\gameroom\AppData\Roaming\Windows Live Writer
    ========== Purity Check ==========
    ========== Custom Scans ==========
    < %SYSTEMDRIVE%\*.* >
    [2013/02/27 18:47:50 | 000,008,319 | ---- | M] () -- C:\AdwCleaner[S1].txt
    [2009/07/24 14:22:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2013/02/27 18:53:45 | 334,974,975 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/31 18:37:24 | 000,000,000 | RHS- | M] () -- C:\OS
    [2013/02/27 18:53:47 | 1878,290,431 | -HS- | M] () -- C:\pagefile.sys
    [2012/05/01 18:06:16 | 000,000,000 | ---- | M] () -- C:\temp.txt
    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    < %systemroot%\*. /mp /s >
    < %systemroot%\system32\*.dll /lockedfiles >
    < %systemroot%\Tasks\*.job /lockedfiles >
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    < %systemroot%\system32\*.exe /lockedfiles >
    < %systemroot%\System32\config\*.sav >
    < %PROGRAMFILES%\* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    < %USERPROFILE%\..|smtmp;true;true;true /FP >
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/26 22:36:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/26 22:36:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/26 22:36:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/08/09 19:52:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/08/09 19:52:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/26 22:36:47 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/26 22:36:47 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/26 22:36:47 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/01/08 17:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/07/20 01:48:16 | 002,388,376 | ---- | M] (Apple Inc.)

    < End of report >


    OTL Extras logfile created on: 2/27/2013 7:01:04 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gameroom\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 72.30% Memory free
    11.50 Gb Paging File | 9.21 Gb Available in Paging File | 80.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.33 Gb Total Space | 697.60 Gb Free Space | 75.88% Space Free | Partition Type: NTFS
    Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.35% Space Free | Partition Type: NTFS
    Drive G: | 453.58 Gb Total Space | 406.24 Gb Free Space | 89.56% Space Free | Partition Type: NTFS
    Drive H: | 12.08 Gb Total Space | 1.49 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

    Computer Name: GAMEROOM-HP | User Name: gameroom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B8FF513-0635-4B47-BD3F-0B8C9A281F10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0E483B0B-A9A6-49AA-B295-422655926156}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1D254D9A-C4D7-42DE-9753-18D68726AAA6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{21C98827-212B-42D5-8AF4-C6E469BBD3CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4608E4CA-61A2-4006-8DB6-3EAB44E53680}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{535F4C92-6DA5-4702-827E-B53B0C5FF29A}" = rport=137 | protocol=17 | dir=out | app=system |
    "{53DA7941-46DD-4925-82BD-40F1A1CF1CA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6659589B-7DB4-4D08-8B3F-14C4C1096F62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{76DA09CE-B5AE-43AD-9D8B-33A6AC104AFE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7D8ED90D-4EC9-47AA-A062-1D580A712907}" = rport=138 | protocol=17 | dir=out | app=system |
    "{83C2F638-EFD5-41BA-A683-EBA57E4CDA7B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{84FB24CC-3FA1-43D2-8C7C-682687FCE905}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8D48CED2-BE6B-4F24-BF2B-BB2A8E7356DB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{90FD5167-06FE-4FB4-9A4A-B7E0DC8D1B05}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{9B63A4C7-7378-43E8-905E-2141157EBF7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9D3D9BF6-0082-481B-9FBE-B103CF24FF40}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{A4A03D30-55CA-437A-8E78-D1728B604AD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AA779703-B1BA-4971-9727-C02043D8DD2F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B3D5A9AC-4561-4BEC-852E-8E7C21D152B7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B7DCB03F-E85F-4D58-B317-F9C7417510CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C1B21642-930B-4BB6-ADA6-17A8A6EC3DE8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C2EDEBFD-ABCA-43CD-B491-3A9CD97934E4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C5DCF0D2-2F99-47B5-B29A-3E99B8E1FF53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CF8FEAE2-593A-48DF-AB6E-AC84FE584998}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{D92A8971-ECC9-4624-8869-D9FE9D2BC288}" = lport=138 | protocol=17 | dir=in | app=system |
    "{EE65B52F-AC77-49BE-AA81-0B69B0292218}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F90DCDE1-F447-4855-AAE8-79D67ADFD669}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B6000C2-A782-4657-8DA9-E17FDA9C5D09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0E4CFD36-9960-4A86-A139-A680391428D2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{1AE90379-BABD-4FBE-BE15-EE727E9ED09E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{26407E5C-908D-4731-9F66-984B6137E282}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{2D513294-42A4-45B8-855A-0ADDB2D2EE13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3426E0D4-3AA0-4F54-99FC-247ECA96F71B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{35E1FA73-7BBB-492D-8DFA-729AA8E37927}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{36DB3C38-0CFC-44C4-B56B-390559CB83AA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{37A46F11-57C4-4D0E-84ED-1946B84EB6CF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{39A0944E-1C47-473A-839E-93B22B47ADAD}" = protocol=6 | dir=in | app=c:\users\gameroom\frostwire\frostwire.exe |
    "{4600DF8D-2899-4B21-98A2-14A74C3804C8}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{4661B98B-2510-49F0-AB94-73F9F3F235BB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{4856F464-E1A7-44FB-B23F-D55AFD960648}" = protocol=6 | dir=out | app=system |
    "{49EF1F3E-342C-4C55-B03E-851640D9B1EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4A0D05A1-A252-4D9B-8A12-AA424CE043FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{59B614DC-685F-4E28-94D7-DAB92594CB87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{5DEE361E-8656-469A-932D-E61522188187}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5F852884-37D5-43FB-9CC9-8C6E9428122E}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
    "{62D6F013-E3B0-410A-BBD7-D1F4B7982ADD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{638D5452-0957-4866-8C02-68E1443640EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{67D4F9A9-C938-4562-B7BD-6B910DC8C791}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6E1CF348-56AE-48B2-A7A4-65BD701BBF7E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{735A71C4-18B4-48BD-B9C2-8BEBD568B3AE}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
    "{76CDBB81-08DD-4D3D-9EF0-F608DF3EDEC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{792A63A3-DB81-4DAD-B67A-B31F578463BF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{7BC5A1FA-E2DF-4EB2-9F65-F9FF2CC15C33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{7E1C4B11-E46D-4639-8D30-B714E2ADBF68}" = protocol=17 | dir=in | app=c:\users\gameroom\frostwire\frostwire.exe |
    "{8E8FC30E-0C78-4E87-B5B4-4558D283695B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8E91F68C-25D5-4677-8155-A3B7343B2293}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{97AE2DFC-95F9-43F9-82BA-23831E4190EE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{995349A2-F430-4F9F-9B62-CB74103F3F2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9D592D1B-8A22-4160-82E1-379CF1B79C8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A11739D1-98FA-4F8D-8DE2-C2556C08514A}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{A4FC22B4-2868-45CE-9879-6775D1EE8741}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A7C38E0E-A171-4B89-A2A2-BEB153D35919}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
    "{AA83FF67-A7E7-4B9D-B951-A8A6C12D0602}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB29557F-3A73-4474-A2A4-B9C6281DB9A2}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
    "{ADEC2756-8806-4EEE-B741-2EDDE21D3B79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{AEBBE1D0-BECD-4450-8C7C-15B3916C44E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF583D30-08A6-4581-BFD8-725DEC21E594}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{B0D15AD9-E06F-4D70-AE75-BEEC06A8CA7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B15AF0E8-E122-4DB5-AF67-DC48FA1723EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{BA93FA40-82EC-4BCA-A408-1C625A98BEB4}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
    "{BD442A30-A719-41C0-9F63-1139881B1972}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{BE46F112-F832-4258-A8ED-22F3F8A365C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{C19DB956-EE82-48F9-9D0B-A96DCBDBFDC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CD009491-E0D1-415E-B870-BF66C57082D1}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
    "{D3994503-A57B-4C1E-8331-9FA9C56DFA3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{D4DFF00B-C39F-4FA3-9F27-6200F364C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\warlords\civ4warlords.exe |
    "{D9114FBC-55D3-47AE-8317-3A5D0B38F759}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{E214FE85-98DC-493C-9EA3-642B799EDE35}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{E4861F4E-4E47-42EE-B59F-4CF6A46FD5FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
    "{E6201E69-ECFC-4D97-B2F0-3F34389E3A49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7BF3577-31F2-4AE7-8DCE-6159EBF70532}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E86A8A4D-BDA3-4D59-A5FC-FD6E86889A70}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
    "{EC2B6849-8181-4079-B74A-4029D679A859}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
    "{F0646124-6552-4586-A5F6-A185B4DFFCBE}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 gold\civilization4.exe |
    "{F295550D-EA38-4B12-A049-10DE256B62D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F4D20014-A780-4C4F-8946-8C8461B1333F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FC0A69A4-6A97-4628-8E8B-040F61366396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FF09FD93-1435-4D57-BA9E-53C7CFFB6E3D}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
    "TCP Query User{B71FA428-38EA-4635-9080-B52893E27A66}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    "UDP Query User{CF909162-637C-4CA5-A490-0E1F35F75B64}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
    "{2CE4119A-FF7F-3EE6-42A4-EB53C6057FFE}" = Zinio Reader 4
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
    "{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
    "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97DF1C46-FCCE-4591-9974-5A12CE667B9D}" = Tournament Maker
    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B95T9A00-40176-4AC6-N973-5A8AB71A09DJ}_is1" = GTA IV + EFLC version 1.5
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E97C937C-AE21-453D-86A0-A231507543D1}" = ACID Music Studio 8.0
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EE89DCAD-37AD-4B43-B466-DB8FFEB083C5}" = Tourney Master 3 Ultimate
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2F7D8E1-03A2-11E1-AA2E-F04DA23A5C58}" = MSVCRT Redists
    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
    "{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "7-Zip" = 7-Zip 9.25 alpha
    "Activision_SBPUninstallKey" = Snowboard Park Tycoon
    "Activision_SpaceInvadersUninstallKey" = Space Invaders
    "Adobe AIR" = Adobe AIR
    "Algodoo_is1" = Algodoo v2.0.1
    "ArmA 2" = ArmA 2 Free Uninstall
    "ASIO4ALL" = ASIO4ALL
    "Carnivores" = Carnivores
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Deckadance" = Deckadance
    "EADM" = EA Download Manager
    "EasyBCD" = EasyBCD 2.0
    "FL Studio 10" = FL Studio 10
    "FlightGear 2.4.0_is1" = FlightGear 2.4.0
    "FrostWire" = FrostWire 4.21.3
    "FrostWire 5" = FrostWire 5.3.8
    "Google Chrome" = Google Chrome
    "HyperCam 3" = HyperCam 3
    "IL Download Manager" = IL Download Manager
    "IL Shared Libraries" = IL Shared Libraries
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{EE89DCAD-37AD-4B43-B466-DB8FFEB083C5}" = Tourney Master 3 Ultimate
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Kobo" = Kobo
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "N360" = Norton Security Suite
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Service Center" = Native Instruments Service Center
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PDF Complete" = PDF Complete Special Edition
    "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
    "WildTangent hp Master Uninstall" = HP Games
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
    "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/27/2013 10:29:21 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

    Error - 2/27/2013 10:29:22 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/27/2013 10:29:22 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6006

    Error - 2/27/2013 10:29:22 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

    Error - 2/27/2013 10:29:23 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/27/2013 10:29:23 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7020

    Error - 2/27/2013 10:29:23 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

    Error - 2/27/2013 10:29:24 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/27/2013 10:29:24 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8018

    Error - 2/27/2013 10:29:24 AM | Computer Name = gameroom-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8018

    [ Hewlett-Packard Events ]
    Error - 11/26/2012 4:00:52 AM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 5887 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 12/3/2012 4:03:57 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 5887 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 12/3/2012 4:03:58 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 5887 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 12/9/2012 6:52:39 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 5887 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 12/9/2012 6:52:40 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 5887 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 12/10/2012 5:39:21 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5887
    Ram
    Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 12/10/2012 8:59:29 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5887
    Ram
    Utilization: 20 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 12/11/2012 10:30:12 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5887
    Ram
    Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 12/12/2012 8:00:56 AM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5887
    Ram
    Utilization: TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 12/13/2012 5:33:32 PM | Computer Name = gameroom-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5887
    Ram
    Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    [ System Events ]
    Error - 2/24/2013 4:00:44 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

    Error - 2/24/2013 4:00:44 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2799494).

    Error - 2/25/2013 4:00:38 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

    Error - 2/25/2013 4:00:38 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2799494).

    Error - 2/26/2013 4:00:42 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

    Error - 2/26/2013 4:00:42 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2799494).

    Error - 2/27/2013 4:00:51 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

    Error - 2/27/2013 4:00:51 AM | Computer Name = gameroom-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2799494).

    Error - 2/27/2013 7:54:22 PM | Computer Name = gameroom-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:51:31 PM on ?2/?27/?2013 was unexpected.

    Error - 2/27/2013 7:54:23 PM | Computer Name = gameroom-HP | Source = BugCheck | ID = 1001
    Description =


    < End of report >

     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Erik

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    If do you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


    Step 1
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    [​IMG]


    [​IMG]

    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    [​IMG]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks
     

Share This Page