Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
ukash (Chesire Police) help needed
Message
<blockquote data-quote="jondeevoy" data-source="post: 107329" data-attributes="member: 6233"><p>OTL logfile created on: 26/02/2013 15:11:48 - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads</p><p> Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>2.87 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 61.45% Memory free</p><p>5.73 Gb Paging File | 4.11 Gb Available in Paging File | 71.75% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 109.99 Gb Total Space | 9.92 Gb Free Space | 9.02% Space Free | Partition Type: NTFS</p><p>Drive G: | 30.01 Gb Total Space | 6.54 Gb Free Space | 21.79% Space Free | Partition Type: NTFS</p><p>Drive Z: | 157.98 Gb Total Space | 84.71 Gb Free Space | 53.62% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: HP-PC | User Name: HP | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - [2013/02/26 15:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe</p><p>PRC - [2013/02/26 12:33:25 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe</p><p>PRC - [2013/01/30 15:45:22 | 006,864,896 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe</p><p>PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>PRC - [2012/12/02 23:38:02 | 001,666,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPUIManager.exe</p><p>PRC - [2012/12/02 23:38:00 | 000,081,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe</p><p>PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe</p><p>PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe</p><p>PRC - [2012/08/08 23:17:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe</p><p>PRC - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe</p><p>PRC - [2012/05/01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe</p><p>PRC - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe</p><p>PRC - [2012/04/24 01:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe</p><p>PRC - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe</p><p>PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe</p><p>PRC - [2011/01/28 05:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe</p><p>PRC - [2011/01/28 05:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe</p><p>PRC - [2010/05/12 16:23:04 | 000,130,496 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\CDViewer.exe</p><p>PRC - [2010/05/12 16:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\wfcrun32.exe</p><p>PRC - [2010/05/12 16:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\concentr.exe</p><p>PRC - [2010/05/12 15:52:16 | 001,918,392 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\wfica32.exe</p><p>PRC - [2010/01/29 13:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe</p><p>PRC - [2010/01/12 15:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe</p><p>PRC - [2009/12/30 19:36:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe</p><p>PRC - [2009/12/08 18:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe</p><p>PRC - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe</p><p>PRC - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>PRC - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - [2013/02/14 03:29:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll</p><p>MOD - [2013/02/14 03:28:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll</p><p>MOD - [2013/01/30 08:25:28 | 000,397,312 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdmdm.dll</p><p>MOD - [2013/01/11 03:17:32 | 000,105,984 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmumsp.dll</p><p>MOD - [2013/01/10 03:32:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll</p><p>MOD - [2013/01/10 03:31:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll</p><p>MOD - [2013/01/10 03:31:26 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll</p><p>MOD - [2013/01/10 03:31:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll</p><p>MOD - [2013/01/10 03:31:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll</p><p>MOD - [2013/01/10 03:30:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll</p><p>MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll</p><p>MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>MOD - [2010/05/12 16:23:00 | 000,087,488 | ---- | M] () -- C:\Users\HP\AppData\Local\Citrix\ICA Client\AxWfIcaLib.dll</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - File not found [Auto | Stopped] -- H:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)</p><p>SRV - [2013/02/26 12:33:25 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)</p><p>SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)</p><p>SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</p><p>SRV - [2012/12/02 23:38:00 | 000,081,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)</p><p>SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)</p><p>SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)</p><p>SRV - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)</p><p>SRV - [2012/05/01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)</p><p>SRV - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)</p><p>SRV - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)</p><p>SRV - [2011/01/28 05:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)</p><p>SRV - [2010/09/10 19:59:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)</p><p>SRV - [2010/06/25 17:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)</p><p>SRV - [2009/12/30 19:36:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)</p><p>SRV - [2009/12/08 18:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)</p><p>SRV - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)</p><p>SRV - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)</p><p>SRV - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)</p><p>SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)</p><p>DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)</p><p>DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)</p><p>DRV - [2012/04/16 20:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)</p><p>DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv)</p><p>DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)</p><p>DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)</p><p>DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)</p><p>DRV - [2010/07/28 05:00:20 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur)</p><p>DRV - [2010/07/15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)</p><p>DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)</p><p>DRV - [2010/06/25 17:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)</p><p>DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)</p><p>DRV - [2010/04/22 01:05:56 | 000,324,672 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmrkusbu.sys -- (NMRKUSBU)</p><p>DRV - [2010/04/22 01:05:54 | 000,040,000 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmrkusba.sys -- (NMRKUSBA)</p><p>DRV - [2010/04/16 15:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)</p><p>DRV - [2010/02/25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)</p><p>DRV - [2009/12/23 10:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)</p><p>DRV - [2009/09/22 01:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)</p><p>DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)</p><p>DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)</p><p>DRV - [2007/10/24 09:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)</p><p>DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB</p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB</p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 56 66 60 DA 10 CE 01 [binary data]</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes,DefaultScope = {1E09192B-1999-459A-8D88-951703DA3A5F}</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes\{1E09192B-1999-459A-8D88-951703DA3A5F}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=</p><p>IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultengine: "Ask.com"</p><p>FF - prefs.js..browser.search.defaultenginename: "Ask.com"</p><p>FF - prefs.js..browser.search.order.1: "Ask.com"</p><p>FF - prefs.js..browser.search.selectedEngine: "Ask.com"</p><p>FF - prefs.js..browser.startup.homepage: "http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB"</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</p><p>FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.5.7.9</p><p>FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51</p><p>FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31</p><p>FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_GB&apn_uid=59ea409b-a143-475e-938c-000d913aa8de&apn_ptnrs=%5EABZ&apn_sauid=FBF15115-19E3-4674-92C9-4D75AB78F452&apn_dtid=%5EYYYYYY%5EYY%5EGB&&q="</p><p>FF - prefs.js..network.proxy.type: 0</p><p>FF - user.js - File not found</p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/03 19:10:09 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files\Symantec\VIP Access Client\ [2012/12/15 16:24:25 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/09 22:21:39 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/09 01:46:45 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6\components [2012/01/04 20:08:33 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6\plugins [2013/01/09 01:46:45 | 000,000,000 | ---D | M]</p><p>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/03 19:10:09 | 000,000,000 | ---D | M]</p><p> </p><p>[2011/02/21 01:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions</p><p>[2013/02/01 19:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\z30k7fsq.default\extensions</p><p>[2012/06/26 23:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2012/06/26 23:31:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2010/05/12 15:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll</p><p>[2010/05/12 15:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll</p><p>[2010/05/12 15:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll</p><p>[2010/05/12 15:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll</p><p>[2010/05/12 16:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll</p><p>[2010/05/12 15:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll</p><p>[2012/06/26 23:31:11 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml</p><p>[2012/06/26 23:31:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</p><p>[2012/06/26 23:31:11 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml</p><p>[2012/06/26 23:31:11 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml</p><p>[2012/06/26 23:31:11 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml</p><p> </p><p>O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)</p><p>O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)</p><p>O3 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.</p><p>O4 - HKLM..\Run: [] File not found</p><p>O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)</p><p>O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [ConnectionCenter] C:\Users\HP\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)</p><p>O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)</p><p>O4 - HKLM..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.)</p><p>O4 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)</p><p>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()</p><p>O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()</p><p>O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()</p><p>O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()</p><p>O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)</p><p>O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)</p><p>O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)</p><p>O13 - gopher Prefix: missing</p><p>O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)</p><p>O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)</p><p>O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: soe.com ([]* in Trusted sites)</p><p>O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: sony.com ([]* in Trusted sites)</p><p>O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)</p><p>O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)</p><p>O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)</p><p>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</p><p>O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C5BDD5-3CA2-4D07-B4FC-169980637DDA}: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{457E5F1B-EF8C-42DA-830D-3074961A12A4}: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F220F9CC-71A8-4F3E-88D2-13A48D0BD4E6}: DhcpNameServer = 10.0.0.2</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\HP\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\HP\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O33 - MountPoints2\{60c64d37-43cf-11e2-aa2c-00269edb0a1b}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{60c64d37-43cf-11e2-aa2c-00269edb0a1b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a</p><p>O33 - MountPoints2\D\Shell - "" = AutoRun</p><p>O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/02/26 20:47:21 | 000,000,000 | ---D | C] -- C:\FRST</p><p>[2013/02/26 20:22:19 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware</p><p>[2013/02/26 13:25:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe</p><p>[2013/02/26 12:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>[2013/02/26 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/02/26 12:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/02/25 13:22:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\-- Writing --</p><p>[2013/02/24 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs</p><p>[2013/02/14 03:03:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</p><p>[2013/02/14 03:03:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</p><p>[2013/02/14 03:03:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll</p><p>[2013/02/14 03:03:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</p><p>[2013/02/14 03:03:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe</p><p>[2013/02/14 03:03:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</p><p>[2013/02/14 03:03:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll</p><p>[2013/02/14 03:03:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl</p><p>[2013/02/13 07:19:07 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</p><p>[2013/02/13 07:18:58 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe</p><p>[2013/02/13 07:18:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe</p><p>[2013/02/13 07:18:51 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS</p><p>[2013/02/13 07:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll</p><p>[2013/02/12 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\-- Story Notes --</p><p>[2013/02/08 22:47:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2BF0BB93-1A54-4E6B-91D9-16223DC13523}</p><p>[2013/02/08 22:47:20 | 000,000,000 | ---D | C] -- C:\Users\HP\Tracing</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/02/26 14:59:12 | 000,015,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/02/26 14:59:12 | 000,015,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/02/26 13:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/02/26 13:25:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe</p><p>[2013/02/26 13:25:26 | 000,001,076 | ---- | M] () -- C:\Windows\System32\.crusader</p><p>[2013/02/26 12:33:25 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/02/25 18:02:22 | 000,001,909 | ---- | M] () -- C:\Users\HP\Desktop\Kies Air Discovery Service.lnk</p><p>[2013/02/24 00:53:36 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/02/23 19:11:45 | 000,005,245 | ---- | M] () -- C:\Users\HP\.TransferManager.db</p><p>[2013/02/23 14:05:08 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe</p><p>[2013/02/23 14:05:08 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>[2013/02/23 14:04:05 | 000,001,053 | ---- | M] () -- C:\Users\HP\Desktop\Free Download Manager.lnk</p><p>[2013/02/14 03:27:23 | 000,395,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2013/02/14 03:01:21 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/02/14 03:01:21 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/02/12 22:23:39 | 000,094,502 | ---- | M] () -- C:\Users\HP\Documents\a-beautiful-mind.pdf</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/02/26 12:33:25 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/02/26 12:27:35 | 000,001,076 | ---- | C] () -- C:\Windows\System32\.crusader</p><p>[2013/02/23 19:08:50 | 000,001,909 | ---- | C] () -- C:\Users\HP\Desktop\Kies Air Discovery Service.lnk</p><p>[2013/02/12 22:23:39 | 000,094,502 | ---- | C] () -- C:\Users\HP\Documents\a-beautiful-mind.pdf</p><p>[2012/12/04 22:53:39 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab</p><p>[2012/07/24 18:56:43 | 000,721,758 | ---- | C] () -- C:\Windows\unins000.exe</p><p>[2012/07/24 18:56:43 | 000,035,103 | ---- | C] () -- C:\Windows\unins000.dat</p><p>[2012/07/18 10:57:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad</p><p>[2012/07/09 17:50:50 | 000,000,045 | ---- | C] () -- C:\Users\HP\AppData\Local\machpro.dat</p><p>[2012/05/30 14:05:58 | 013,545,472 | ---- | C] () -- C:\Windows\System32\SSL X-Verb Stereo.dll</p><p>[2012/05/30 14:05:58 | 006,569,984 | ---- | C] () -- C:\Windows\System32\SSL X-Eq Stereo.dll</p><p>[2012/05/30 14:05:58 | 006,569,984 | ---- | C] () -- C:\Windows\System32\SSL X-Eq Mono.dll</p><p>[2012/05/30 14:05:58 | 006,217,728 | ---- | C] () -- C:\Windows\System32\SSL X-Comp Stereo.dll</p><p>[2012/05/30 14:05:58 | 006,217,728 | ---- | C] () -- C:\Windows\System32\SSL X-Comp Mono.dll</p><p>[2012/05/30 14:05:58 | 005,079,040 | ---- | C] () -- C:\Windows\System32\SSL Vocalstrip Stereo.dll</p><p>[2012/05/30 14:05:57 | 015,695,872 | ---- | C] () -- C:\Windows\System32\SSL Channel Stereo.dll</p><p>[2012/05/30 14:05:57 | 005,787,648 | ---- | C] () -- C:\Windows\System32\SSL Drumstrip Stereo.dll</p><p>[2012/05/30 14:05:57 | 005,783,552 | ---- | C] () -- C:\Windows\System32\SSL Drumstrip Mono.dll</p><p>[2012/05/30 14:05:57 | 005,074,944 | ---- | C] () -- C:\Windows\System32\SSL Vocalstrip Mono.dll</p><p>[2012/05/30 14:05:56 | 015,687,680 | ---- | C] () -- C:\Windows\System32\SSL Channel Mono.dll</p><p>[2012/05/30 14:05:56 | 007,122,944 | ---- | C] () -- C:\Windows\System32\SSL Bus Compressor Stereo.dll</p><p>[2012/05/30 14:05:56 | 007,122,944 | ---- | C] () -- C:\Windows\System32\SSL Bus Compressor Mono.dll</p><p>[2012/05/30 14:05:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll</p><p>[2012/05/30 14:05:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll</p><p>[2012/03/21 08:42:13 | 000,005,245 | ---- | C] () -- C:\Users\HP\.TransferManager.db</p><p>[2012/01/06 18:27:39 | 000,001,057 | ---- | C] () -- C:\Users\HP\AppData\Roaming\vso_ts_preview.xml</p><p>[2011/10/15 22:17:53 | 000,101,958 | ---- | C] () -- C:\Users\HP\AppData\Roaming\icarus-dxdiag.xml</p><p>[2011/07/03 23:10:35 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll</p><p>[2011/07/03 23:05:15 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys</p><p>[2011/07/03 23:04:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg</p><p>[2011/06/03 19:06:08 | 000,170,015 | ---- | C] () -- C:\Windows\hpoins14.dat</p><p>[2011/06/03 19:06:08 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat</p><p>[2011/01/16 21:43:21 | 000,005,632 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2011/01/16 09:21:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat</p><p>[2010/09/25 15:27:09 | 000,007,604 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p>"ThreadingModel" = Both</p><p>"" = C:\Windows\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:BF3D62E7</p><p></p><p>< End of report ></p><hr /><p></p><p>OTL Extras logfile created on: 26/02/2013 15:11:48 - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads</p><p> Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>2.87 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 61.45% Memory free</p><p>5.73 Gb Paging File | 4.11 Gb Available in Paging File | 71.75% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 109.99 Gb Total Space | 9.92 Gb Free Space | 9.02% Space Free | Partition Type: NTFS</p><p>Drive G: | 30.01 Gb Total Space | 6.54 Gb Free Space | 21.79% Space Free | Partition Type: NTFS</p><p>Drive Z: | 157.98 Gb Total Space | 84.71 Gb Free Space | 53.62% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: HP-PC | User Name: HP | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Extra Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== File Associations ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]</p><p>.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)</p><p>.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)</p><p> </p><p>[HKEY_USERS\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Classes\<extension>]</p><p>.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)</p><p> </p><p><span style="color: #E56717">========== Shell Spawning ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]</p><p>batfile [open] -- "%1" %*</p><p>cmdfile [open] -- "%1" %*</p><p>comfile [open] -- "%1" %*</p><p>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)</p><p>exefile [open] -- "%1" %*</p><p>helpfile [open] -- Reg Error: Key error.</p><p>hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)</p><p>htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)</p><p>htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)</p><p>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)</p><p>piffile [open] -- "%1" %*</p><p>regfile [merge] -- Reg Error: Key error.</p><p>scrfile [config] -- "%1"</p><p>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l</p><p>scrfile [open] -- "%1" /S</p><p>txtfile [edit] -- Reg Error: Key error.</p><p>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1</p><p>Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()</p><p>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)</p><p>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()</p><p>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p>Folder [explore] -- Reg Error: Value error.</p><p>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)</p><p> </p><p><span style="color: #E56717">========== Security Center Settings ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]</p><p>"cval" = 0</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]</p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]</p><p>"VistaSp1" = Reg Error: Unknown registry data type -- File not found</p><p>"AntiVirusOverride" = 0</p><p>"AntiSpywareOverride" = 0</p><p>"FirewallOverride" = 0</p><p> </p><p><span style="color: #E56717">========== Firewall Settings ==========</span></p><p> </p><p><span style="color: #E56717">========== Authorized Applications List ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== HKEY_LOCAL_MACHINE Uninstall List ==========</span></p><p> </p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p><p>"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam</p><p>"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor</p><p>"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2</p><p>"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended</p><p>"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer</p><p>"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center</p><p>"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status</p><p>"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan</p><p>"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1</p><p>"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works</p><p>"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter</p><p>"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch</p><p>"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker</p><p>"{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility</p><p>"{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel(R) C++ Redistributables for Windows* on IA-32</p><p>"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp</p><p>"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</p><p>"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update</p><p>"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions</p><p>"{261FDE14-0B8C-4B7A-8E37-A6F70FE5CEEA}" = Max 5.1.8</p><p>"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext</p><p>"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7</p><p>"{294B9A61-B4D6-4EDB-91BF-354619C43FE2}" = PCM Native Reverb Bundle</p><p>"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety</p><p>"{2991DD80-25AE-471E-9981-D572CA0887EE}" = Flux_StereoTool</p><p>"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor</p><p>"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm</p><p>"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update</p><p>"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery</p><p>"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min</p><p>"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery</p><p>"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons</p><p>"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery</p><p>"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool</p><p>"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile</p><p>"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy</p><p>"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX</p><p>"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg</p><p>"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01</p><p>"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive</p><p>"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater</p><p>"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5</p><p>"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter</p><p>"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform</p><p>"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content</p><p>"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport</p><p>"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)</p><p>"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01</p><p>"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0</p><p>"{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII</p><p>"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant</p><p>"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2</p><p>"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components</p><p>"{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone</p><p>"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1</p><p>"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE</p><p>"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack</p><p>"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply</p><p>"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox</p><p>"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable</p><p>"{7281CABA-E70B-411A-AF4B-ECB3C8778364}_is1" = Mouse Recorder 2.3.6.2</p><p>"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</p><p>"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client</p><p>"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger</p><p>"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable</p><p>"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert</p><p>"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set</p><p>"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570</p><p>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight</p><p>"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT</p><p>"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system</p><p>"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010</p><p>"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010</p><p>"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010</p><p>"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010</p><p>"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010</p><p>"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010</p><p>"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010</p><p>"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010</p><p>"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010</p><p>"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010</p><p>"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010</p><p>"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010</p><p>"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010</p><p>"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010</p><p>"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010</p><p>"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010</p><p>"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010</p><p>"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)</p><p>"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends</p><p>"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker</p><p>"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2</p><p>"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)</p><p>"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting</p><p>"{97C89A11-9AD7-49CE-9F90-54BF075623CE}" = VIP Access</p><p>"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster</p><p>"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17</p><p>"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</p><p>"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail</p><p>"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help</p><p>"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer</p><p>"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer</p><p>"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common</p><p>"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer</p><p>"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer</p><p>"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)</p><p>"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set</p><p>"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software</p><p>"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter</p><p>"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync</p><p>"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)</p><p>"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR</p><p>"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0</p><p>"{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner</p><p>"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations</p><p>"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content</p><p>"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant</p><p>"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail</p><p>"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget</p><p>"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection</p><p>"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars</p><p>"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform</p><p>"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack</p><p>"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100</p><p>"{D1E632A6-CE8B-436B-BC03-009851802E82}" = Sound Forge Pro 10.0</p><p>"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set</p><p>"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common</p><p>"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform</p><p>"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker</p><p>"{D51FED8C-2A72-4D72-8CE3-7EB7D7673363}" = uMusic</p><p>"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential</p><p>"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set</p><p>"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan</p><p>"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)</p><p>"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)</p><p>"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365</p><p>"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting</p><p>"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources</p><p>"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal</p><p>"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10</p><p>"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set</p><p>"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne</p><p>"{E7C814DF-6D2F-4E70-8491-B739A2CF2230}" = TableNinja</p><p>"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger</p><p>"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1</p><p>"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin</p><p>"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10</p><p>"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set</p><p>"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]</p><p>"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219</p><p>"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver</p><p>"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL</p><p>"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01</p><p>"{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz</p><p>"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety</p><p>"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials</p><p>"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022</p><p>"4Videosoft AMV Media Converter_is1" = 4Videosoft AMV Media Converter</p><p>"Adobe AIR" = Adobe AIR</p><p>"Adobe Audition 3.0" = Adobe Audition 3.0</p><p>"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX</p><p>"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin</p><p>"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.5.8</p><p>"ASIO4ALL" = ASIO4ALL</p><p>"Avira AntiVir Desktop" = Avira Free Antivirus</p><p>"BazzISM2 VST2" = BazzISM2 VST2 2.4.6</p><p>"BazzISM2 VST3" = BazzISM2 VST3 2.4.6</p><p>"bx_saturator_is1" = bx_saturator 1.0.2</p><p>"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web</p><p>"Cyclop_is1" = Sugar Bytes Cyclop 1.0.1</p><p>"DMGAudio PitchFunk_is1" = DMGAudio PitchFunk 1.02</p><p>"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition</p><p>"eLicenser Control" = eLicenser Control</p><p>"Football Manager 2012_is1" = Football Manager 2012</p><p>"Free Download Manager_is1" = Free Download Manager 3.9.2</p><p>"GhostMouse_is1" = GhostMouse</p><p>"HitmanPro37" = HitmanPro 3.7</p><p>"HoldemManager2" = Holdem Manager 2</p><p>"HP Imaging Device Functions" = HP Imaging Device Functions 13.0</p><p>"HP Photosmart Essential" = HP Photosmart Essential 3.5</p><p>"HP Smart Web Printing" = HP Smart Web Printing 4.51</p><p>"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0</p><p>"HPExtendedCapabilities" = HP Customer Participation Program 13.0</p><p>"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0</p><p>"ImgBurn" = ImgBurn</p><p>"iZotope Stutter Edit_is1" = iZotope Stutter Edit</p><p>"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control</p><p>"Live 8.2.8" = Live 8.2.8</p><p>"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100</p><p>"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile</p><p>"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended</p><p>"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2</p><p>"minimoog V2_is1" = minimoog V2 2.0</p><p>"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)</p><p>"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)</p><p>"Mp3tag" = Mp3tag v2.48</p><p>"Native Instruments Controller Editor" = Native Instruments Controller Editor</p><p>"Native Instruments Massive" = Native Instruments Massive</p><p>"Native Instruments Service Center" = Native Instruments Service Center</p><p>"Native Instruments Traktor" = Native Instruments Traktor</p><p>"Office14.PROPLUS" = Microsoft Office Professional Plus 2010</p><p>"Ohmboyz VST2" = OhmForce Ohmboyz VST2</p><p>"Ohmicide VST" = Ohm Force - Ohmicide VST</p><p>"PCM Native Reverb Bundle" = PCM Native Reverb Bundle</p><p>"PokerStars" = PokerStars</p><p>"PokerTracker4" = PokerTracker 4 (remove only)</p><p>"PostgreSQL 8.4" = PostgreSQL 8.4</p><p>"PreSonus Studio One 2" = PreSonus Studio One 2</p><p>"PSP 85 32bit" = PSP 85 32bit</p><p>"PSP EasyVerb 1.6.0 32bit" = PSP EasyVerb 1.6.0 32bit</p><p>"QuickSFV" = QuickSFV (Remove only)</p><p>"Shop for HP Supplies" = Shop for HP Supplies</p><p>"Softube FET Compressor VST RTAS_is1" = Softube FET Compressor VST RTAS v1.0.3</p><p>"Softube Tube-Tech CL 1B VST RTAS_is1" = Softube Tube-Tech CL 1B VST RTAS v1.0.3</p><p>"Sonic Charge µTonic VST" = Sonic Charge µTonic VST</p><p>"Sonnoxplugins Oxford Elite Collection Native_is1" = Sonnoxplugins Oxford Elite Collection Native v1.0</p><p>"SopCast" = SopCast 3.4.0</p><p>"SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v4.0.2</p><p>"Speccy" = Speccy</p><p>"SPL Analog Code Bundle_is1" = SPL Analog Code Bundle v1.1</p><p>"SSL Duende Native_is1" = SSL Duende Native (32-bit) v3.6.6</p><p>"StarCraft II" = StarCraft II</p><p>"SubBoomBass_is1" = Rob Papen SubBoomBass 1.0.5 Multi-core</p><p>"SyncroSoft Emu" = SyncroSoft Emu (Remove only)</p><p>"Syncrosoft License Control" = Syncrosoft License Control</p><p>"SynTPDeinstKey" = Synaptics Pointing Device Driver</p><p>"TeamViewer 7" = TeamViewer 7</p><p>"USB_AUDIO_DEusb-audio.deNumark" = Numark USB Audio driver</p><p>"uTorrent" = µTorrent</p><p>"ValhallaRoom_is1" = ValhallaRoom 1.1.0</p><p>"VirtualCloneDrive" = VirtualCloneDrive</p><p>"VLC media player" = VLC media player 2.0.1</p><p>"WBFS Manager 3.0" = WBFS Manager 3.0</p><p>"WinLiveSuite" = Windows Live Essentials</p><p>"WinPcapInst" = WinPcap 4.1.2</p><p>"WinRAR archiver" = WinRAR archiver</p><p>"Wireshark" = Wireshark 1.6.4</p><p>"World of Warcraft" = World of Warcraft</p><p>"Zoiper" = Zoiper</p><p> </p><p><span style="color: #E56717">========== HKEY_USERS Uninstall List ==========</span></p><p> </p><p>[HKEY_USERS\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p><p>"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater</p><p>"090215de958f1060" = Curse Client</p><p>"Dropbox" = Dropbox</p><p>"Juniper_Setup_Client" = Juniper Networks Setup Client</p><p>"Neoteris_Host_Checker" = Juniper Networks Host Checker</p><p> </p><p><span style="color: #E56717">========== Last 20 Event Log Errors ==========</span></p><p> </p><p>[ Application Events ]</p><p>Error - 24/02/2013 20:03:16 | Computer Name = HP-PC | Source = Application Hang | ID = 1002</p><p>Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting</p><p> with Windows and was closed. To see if more information about the problem is available,</p><p> check the problem history in the Action Center control panel. Process ID: 13dc Start</p><p> Time: 01ce12b7fc306da9 Termination Time: 15 Application Path: C:\Program Files\Internet</p><p> Explorer\iexplore.exe Report Id: be6ac092-7ede-11e2-bb40-00269edb0a1b </p><p> </p><p>Error - 24/02/2013 20:04:03 | Computer Name = HP-PC | Source = Application Hang | ID = 1002</p><p>Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting</p><p> with Windows and was closed. To see if more information about the problem is available,</p><p> check the problem history in the Action Center control panel. Process ID: 7c4 Start</p><p> Time: 01ce12eb83cb1257 Termination Time: 12 Application Path: C:\Program Files\Internet</p><p> Explorer\iexplore.exe Report Id: db3d17fd-7ede-11e2-bb40-00269edb0a1b </p><p> </p><p>Error - 24/02/2013 20:06:55 | Computer Name = HP-PC | Source = Application Hang | ID = 1002</p><p>Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting</p><p> with Windows and was closed. To see if more information about the problem is available,</p><p> check the problem history in the Action Center control panel. Process ID: 17d0 Start</p><p> Time: 01ce12eba07f714c Termination Time: 16 Application Path: C:\Program Files\Internet</p><p> Explorer\iexplore.exe Report Id: 40fe5fcf-7edf-11e2-bb40-00269edb0a1b </p><p> </p><p>Error - 26/02/2013 07:25:41 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 11:25:41 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 08:14:36 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 12:14:36 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 08:14:40 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 12:14:40 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 08:29:21 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 12:29:21 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 09:06:56 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 13:06:56 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 09:27:22 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 13:27:22 GMTFATAL: the database system is starting up </p><p> </p><p>Error - 26/02/2013 09:51:53 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0</p><p>Description = 2013-02-26 13:51:53 GMTFATAL: the database system is starting up </p><p> </p><p>[ System Events ]</p><p>Error - 26/02/2013 09:27:45 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001</p><p>Description = The HomeGroup Provider service depends on the Function Discovery Resource</p><p> Publication service which failed to start because of the following error: %%-2147024891</p><p> </p><p>Error - 26/02/2013 09:51:45 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000</p><p>Description = The HitmanPro 3.7 Crusader (Boot) service failed to start due to the</p><p> following error: %%2</p><p> </p><p>Error - 26/0</p></blockquote><p></p>
[QUOTE="jondeevoy, post: 107329, member: 6233"] OTL logfile created on: 26/02/2013 15:11:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.87 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 61.45% Memory free 5.73 Gb Paging File | 4.11 Gb Available in Paging File | 71.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 109.99 Gb Total Space | 9.92 Gb Free Space | 9.02% Space Free | Partition Type: NTFS Drive G: | 30.01 Gb Total Space | 6.54 Gb Free Space | 21.79% Space Free | Partition Type: NTFS Drive Z: | 157.98 Gb Total Space | 84.71 Gb Free Space | 53.62% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/02/26 15:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe PRC - [2013/02/26 12:33:25 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe PRC - [2013/01/30 15:45:22 | 006,864,896 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/02 23:38:02 | 001,666,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPUIManager.exe PRC - [2012/12/02 23:38:00 | 000,081,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/08 23:17:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/24 01:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/28 05:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe PRC - [2011/01/28 05:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe PRC - [2010/05/12 16:23:04 | 000,130,496 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\CDViewer.exe PRC - [2010/05/12 16:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\wfcrun32.exe PRC - [2010/05/12 16:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\concentr.exe PRC - [2010/05/12 15:52:16 | 001,918,392 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\HP\AppData\Local\Citrix\ICA Client\wfica32.exe PRC - [2010/01/29 13:59:00 | 005,110,304 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe PRC - [2010/01/12 15:32:22 | 000,907,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe PRC - [2009/12/30 19:36:06 | 000,114,688 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe PRC - [2009/12/08 18:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe PRC - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/02/14 03:29:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/14 03:28:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/30 08:25:28 | 000,397,312 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdmdm.dll MOD - [2013/01/11 03:17:32 | 000,105,984 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmumsp.dll MOD - [2013/01/10 03:32:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 03:31:28 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 03:31:26 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013/01/10 03:31:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 03:31:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 03:30:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/12/26 08:13:54 | 003,547,136 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/05/12 16:23:00 | 000,087,488 | ---- | M] () -- C:\Users\HP\AppData\Local\Citrix\ICA Client\AxWfIcaLib.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- H:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot) SRV - [2013/02/26 12:33:25 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/02 23:38:00 | 000,081,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 23:55:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/05/01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/01/28 05:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2010/09/10 19:59:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/06/25 17:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009/12/30 19:36:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service) SRV - [2009/12/08 18:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters) SRV - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 20:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/11/28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\anvsnddrv.sys -- (anvsnddrv) DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/07/28 05:00:20 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2010/07/15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010/06/25 17:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/04/22 01:05:56 | 000,324,672 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmrkusbu.sys -- (NMRKUSBU) DRV - [2010/04/22 01:05:54 | 000,040,000 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmrkusba.sys -- (NMRKUSBA) DRV - [2010/04/16 15:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2010/02/25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009/12/23 10:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2009/09/22 01:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2007/10/24 09:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 56 66 60 DA 10 CE 01 [binary data] IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes,DefaultScope = {1E09192B-1999-459A-8D88-951703DA3A5F} IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\SearchScopes\{1E09192B-1999-459A-8D88-951703DA3A5F}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= IE - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_GB" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.5.7.9 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_GB&apn_uid=59ea409b-a143-475e-938c-000d913aa8de&apn_ptnrs=%5EABZ&apn_sauid=FBF15115-19E3-4674-92C9-4D75AB78F452&apn_dtid=%5EYYYYYY%5EYY%5EGB&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/03 19:10:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files\Symantec\VIP Access Client\ [2012/12/15 16:24:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/09 22:21:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/09 01:46:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6\components [2012/01/04 20:08:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6\plugins [2013/01/09 01:46:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/03 19:10:09 | 000,000,000 | ---D | M] [2011/02/21 01:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions [2013/02/01 19:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\z30k7fsq.default\extensions [2012/06/26 23:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/06/26 23:31:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/05/12 15:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010/05/12 15:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010/05/12 15:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010/05/12 15:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010/05/12 16:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010/05/12 15:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012/06/26 23:31:11 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/06/26 23:31:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/26 23:31:11 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/06/26 23:31:11 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/06/26 23:31:11 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O3 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Users\HP\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor) O4 - HKLM..\Run: [RtkOSD] C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3563083970-3628164584-3303492815-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C5BDD5-3CA2-4D07-B4FC-169980637DDA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{457E5F1B-EF8C-42DA-830D-3074961A12A4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F220F9CC-71A8-4F3E-88D2-13A48D0BD4E6}: DhcpNameServer = 10.0.0.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\HP\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\HP\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{60c64d37-43cf-11e2-aa2c-00269edb0a1b}\Shell - "" = AutoRun O33 - MountPoints2\{60c64d37-43cf-11e2-aa2c-00269edb0a1b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/02/26 20:47:21 | 000,000,000 | ---D | C] -- C:\FRST [2013/02/26 20:22:19 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2013/02/26 13:25:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013/02/26 12:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013/02/26 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/02/26 12:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/02/25 13:22:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\-- Writing -- [2013/02/24 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs [2013/02/14 03:03:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/14 03:03:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/14 03:03:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/14 03:03:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/14 03:03:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/02/14 03:03:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/02/14 03:03:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/14 03:03:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/02/13 07:19:07 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/02/13 07:18:58 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/13 07:18:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/13 07:18:51 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/02/13 07:18:47 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/02/12 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\-- Story Notes -- [2013/02/08 22:47:37 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\{2BF0BB93-1A54-4E6B-91D9-16223DC13523} [2013/02/08 22:47:20 | 000,000,000 | ---D | C] -- C:\Users\HP\Tracing [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/02/26 14:59:12 | 000,015,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/26 14:59:12 | 000,015,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/26 13:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/26 13:25:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013/02/26 13:25:26 | 000,001,076 | ---- | M] () -- C:\Windows\System32\.crusader [2013/02/26 12:33:25 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/02/25 18:02:22 | 000,001,909 | ---- | M] () -- C:\Users\HP\Desktop\Kies Air Discovery Service.lnk [2013/02/24 00:53:36 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/23 19:11:45 | 000,005,245 | ---- | M] () -- C:\Users\HP\.TransferManager.db [2013/02/23 14:05:08 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/02/23 14:05:08 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/02/23 14:04:05 | 000,001,053 | ---- | M] () -- C:\Users\HP\Desktop\Free Download Manager.lnk [2013/02/14 03:27:23 | 000,395,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/02/14 03:01:21 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/14 03:01:21 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/12 22:23:39 | 000,094,502 | ---- | M] () -- C:\Users\HP\Documents\a-beautiful-mind.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/02/26 12:33:25 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/02/26 12:27:35 | 000,001,076 | ---- | C] () -- C:\Windows\System32\.crusader [2013/02/23 19:08:50 | 000,001,909 | ---- | C] () -- C:\Users\HP\Desktop\Kies Air Discovery Service.lnk [2013/02/12 22:23:39 | 000,094,502 | ---- | C] () -- C:\Users\HP\Documents\a-beautiful-mind.pdf [2012/12/04 22:53:39 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab [2012/07/24 18:56:43 | 000,721,758 | ---- | C] () -- C:\Windows\unins000.exe [2012/07/24 18:56:43 | 000,035,103 | ---- | C] () -- C:\Windows\unins000.dat [2012/07/18 10:57:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad [2012/07/09 17:50:50 | 000,000,045 | ---- | C] () -- C:\Users\HP\AppData\Local\machpro.dat [2012/05/30 14:05:58 | 013,545,472 | ---- | C] () -- C:\Windows\System32\SSL X-Verb Stereo.dll [2012/05/30 14:05:58 | 006,569,984 | ---- | C] () -- C:\Windows\System32\SSL X-Eq Stereo.dll [2012/05/30 14:05:58 | 006,569,984 | ---- | C] () -- C:\Windows\System32\SSL X-Eq Mono.dll [2012/05/30 14:05:58 | 006,217,728 | ---- | C] () -- C:\Windows\System32\SSL X-Comp Stereo.dll [2012/05/30 14:05:58 | 006,217,728 | ---- | C] () -- C:\Windows\System32\SSL X-Comp Mono.dll [2012/05/30 14:05:58 | 005,079,040 | ---- | C] () -- C:\Windows\System32\SSL Vocalstrip Stereo.dll [2012/05/30 14:05:57 | 015,695,872 | ---- | C] () -- C:\Windows\System32\SSL Channel Stereo.dll [2012/05/30 14:05:57 | 005,787,648 | ---- | C] () -- C:\Windows\System32\SSL Drumstrip Stereo.dll [2012/05/30 14:05:57 | 005,783,552 | ---- | C] () -- C:\Windows\System32\SSL Drumstrip Mono.dll [2012/05/30 14:05:57 | 005,074,944 | ---- | C] () -- C:\Windows\System32\SSL Vocalstrip Mono.dll [2012/05/30 14:05:56 | 015,687,680 | ---- | C] () -- C:\Windows\System32\SSL Channel Mono.dll [2012/05/30 14:05:56 | 007,122,944 | ---- | C] () -- C:\Windows\System32\SSL Bus Compressor Stereo.dll [2012/05/30 14:05:56 | 007,122,944 | ---- | C] () -- C:\Windows\System32\SSL Bus Compressor Mono.dll [2012/05/30 14:05:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FxShared.dll [2012/05/30 14:05:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\com.fxpansion.fxshared.dll [2012/03/21 08:42:13 | 000,005,245 | ---- | C] () -- C:\Users\HP\.TransferManager.db [2012/01/06 18:27:39 | 000,001,057 | ---- | C] () -- C:\Users\HP\AppData\Roaming\vso_ts_preview.xml [2011/10/15 22:17:53 | 000,101,958 | ---- | C] () -- C:\Users\HP\AppData\Roaming\icarus-dxdiag.xml [2011/07/03 23:10:35 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll [2011/07/03 23:05:15 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2011/07/03 23:04:45 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg [2011/06/03 19:06:08 | 000,170,015 | ---- | C] () -- C:\Windows\hpoins14.dat [2011/06/03 19:06:08 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat [2011/01/16 21:43:21 | 000,005,632 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/16 09:21:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/09/25 15:27:09 | 000,007,604 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\Windows\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:BF3D62E7 < End of report > [hr] OTL Extras logfile created on: 26/02/2013 15:11:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.87 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 61.45% Memory free 5.73 Gb Paging File | 4.11 Gb Available in Paging File | 71.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 109.99 Gb Total Space | 9.92 Gb Free Space | 9.02% Space Free | Partition Type: NTFS Drive G: | 30.01 Gb Total Space | 6.54 Gb Free Space | 21.79% Space Free | Partition Type: NTFS Drive Z: | 157.98 Gb Total Space | 84.71 Gb Free Space | 53.62% Space Free | Partition Type: NTFS Computer Name: HP-PC | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility "{1E958728-CFA3-454A-A2D6-42A9FF718480}" = Intel(R) C++ Redistributables for Windows* on IA-32 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{261FDE14-0B8C-4B7A-8E37-A6F70FE5CEEA}" = Max 5.1.8 "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{294B9A61-B4D6-4EDB-91BF-354619C43FE2}" = PCM Native Reverb Bundle "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2991DD80-25AE-471E-9981-D572CA0887EE}" = Flux_StereoTool "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB) "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7281CABA-E70B-411A-AF4B-ECB3C8778364}_is1" = Mouse Recorder 2.3.6.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C89A11-9AD7-49CE-9F90-54BF075623CE}" = VIP Access "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web) "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BC21E1FA-BD9C-4351-8EA3-4EC377B1E439}_is1" = Power CD+G Burner "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100 "{D1E632A6-CE8B-436B-BC03-009851802E82}" = Sound Forge Pro 10.0 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D51FED8C-2A72-4D72-8CE3-7EB7D7673363}" = uMusic "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX) "{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV) "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E7C814DF-6D2F-4E70-8491-B739A2CF2230}" = TableNinja "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1 "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4Videosoft AMV Media Converter_is1" = 4Videosoft AMV Media Converter "Adobe AIR" = Adobe AIR "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.5.8 "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "BazzISM2 VST2" = BazzISM2 VST2 2.4.6 "BazzISM2 VST3" = BazzISM2 VST3 2.4.6 "bx_saturator_is1" = bx_saturator 1.0.2 "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "Cyclop_is1" = Sugar Bytes Cyclop 1.0.1 "DMGAudio PitchFunk_is1" = DMGAudio PitchFunk 1.02 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition "eLicenser Control" = eLicenser Control "Football Manager 2012_is1" = Football Manager 2012 "Free Download Manager_is1" = Free Download Manager 3.9.2 "GhostMouse_is1" = GhostMouse "HitmanPro37" = HitmanPro 3.7 "HoldemManager2" = Holdem Manager 2 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "ImgBurn" = ImgBurn "iZotope Stutter Edit_is1" = iZotope Stutter Edit "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Live 8.2.8" = Live 8.2.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "minimoog V2_is1" = minimoog V2 2.0 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB) "Mp3tag" = Mp3tag v2.48 "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Massive" = Native Instruments Massive "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Ohmboyz VST2" = OhmForce Ohmboyz VST2 "Ohmicide VST" = Ohm Force - Ohmicide VST "PCM Native Reverb Bundle" = PCM Native Reverb Bundle "PokerStars" = PokerStars "PokerTracker4" = PokerTracker 4 (remove only) "PostgreSQL 8.4" = PostgreSQL 8.4 "PreSonus Studio One 2" = PreSonus Studio One 2 "PSP 85 32bit" = PSP 85 32bit "PSP EasyVerb 1.6.0 32bit" = PSP EasyVerb 1.6.0 32bit "QuickSFV" = QuickSFV (Remove only) "Shop for HP Supplies" = Shop for HP Supplies "Softube FET Compressor VST RTAS_is1" = Softube FET Compressor VST RTAS v1.0.3 "Softube Tube-Tech CL 1B VST RTAS_is1" = Softube Tube-Tech CL 1B VST RTAS v1.0.3 "Sonic Charge µTonic VST" = Sonic Charge µTonic VST "Sonnoxplugins Oxford Elite Collection Native_is1" = Sonnoxplugins Oxford Elite Collection Native v1.0 "SopCast" = SopCast 3.4.0 "SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v4.0.2 "Speccy" = Speccy "SPL Analog Code Bundle_is1" = SPL Analog Code Bundle v1.1 "SSL Duende Native_is1" = SSL Duende Native (32-bit) v3.6.6 "StarCraft II" = StarCraft II "SubBoomBass_is1" = Rob Papen SubBoomBass 1.0.5 Multi-core "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft License Control" = Syncrosoft License Control "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 7" = TeamViewer 7 "USB_AUDIO_DEusb-audio.deNumark" = Numark USB Audio driver "uTorrent" = µTorrent "ValhallaRoom_is1" = ValhallaRoom 1.1.0 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.1 "WBFS Manager 3.0" = WBFS Manager 3.0 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR archiver "Wireshark" = Wireshark 1.6.4 "World of Warcraft" = World of Warcraft "Zoiper" = Zoiper [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-3563083970-3628164584-3303492815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "090215de958f1060" = Curse Client "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 24/02/2013 20:03:16 | Computer Name = HP-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 13dc Start Time: 01ce12b7fc306da9 Termination Time: 15 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: be6ac092-7ede-11e2-bb40-00269edb0a1b Error - 24/02/2013 20:04:03 | Computer Name = HP-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7c4 Start Time: 01ce12eb83cb1257 Termination Time: 12 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: db3d17fd-7ede-11e2-bb40-00269edb0a1b Error - 24/02/2013 20:06:55 | Computer Name = HP-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 17d0 Start Time: 01ce12eba07f714c Termination Time: 16 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: 40fe5fcf-7edf-11e2-bb40-00269edb0a1b Error - 26/02/2013 07:25:41 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 11:25:41 GMTFATAL: the database system is starting up Error - 26/02/2013 08:14:36 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 12:14:36 GMTFATAL: the database system is starting up Error - 26/02/2013 08:14:40 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 12:14:40 GMTFATAL: the database system is starting up Error - 26/02/2013 08:29:21 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 12:29:21 GMTFATAL: the database system is starting up Error - 26/02/2013 09:06:56 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 13:06:56 GMTFATAL: the database system is starting up Error - 26/02/2013 09:27:22 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 13:27:22 GMTFATAL: the database system is starting up Error - 26/02/2013 09:51:53 | Computer Name = HP-PC | Source = PostgreSQL | ID = 0 Description = 2013-02-26 13:51:53 GMTFATAL: the database system is starting up [ System Events ] Error - 26/02/2013 09:27:45 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 26/02/2013 09:51:45 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000 Description = The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: %%2 Error - 26/0[/hr] [/QUOTE]
Insert quotes…
Verification
Post reply
Top