  1. #1
    Member
    Join Date
    Mar 2013
    Posts
    56
    Points
    2

    Windows update error

    Hello,

    Several weeks ago Windows update reported that it couldn't check for updates. If I try to check manually, I get the error message "Windows could not search for updates... Code 80080005". And 'Installed updates' reports that "There are no updates on this computer". Also, all my System Restore points have gone except the latest. Curiously, this latest restore point tells me that a Critical Update was installed earlier today!

    I've run Microsoft's 'FixIt' tool but although it found 2 errors and claimed to have fixed them, nothing has changed. I installed and ran Malwarebytes and it came up with only one small Trojan relating to an iTunes registry key.

    I'm running Windows 7, and use Nod32 for my antivirus.

    Can anybody help, please?

    Thanks,
    Marie
    Last edited by trulymad; 03-22-2013 at 07:30 PM. Reason: Typo

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,522
    Points
    563

    Hi trulymad,

    Welcome to Help2Go!

    Could you please post the MBAM log that found the small trojan?

    To find the log:

    Click on the MBAM icon > Logs tab. You'll find the log within.

    Thank you,

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #3

    Thank you very much for your kind welcome, Donna, and for jumping in. Here's the Malwarebytes log that you requested:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    Malwarebytes : Free anti-malware download

    Database version: v2013.03.07.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Marie :: MARIE-PC [administrator]

    Protection: Enabled

    07/03/2013 01:43:25
    mbam-log-2013-03-07 (01-43-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208401
    Time elapsed: 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  5. #4

    Hi trulymad,

    My apologies for the delay. Seems you have a couple different issues here that may or may not be related. I'd like for you to download the following program and provide the logs that are produced for my viewing pleasure. It will take some time to research the entries so your patience will be much appreciated.

    Please download OTL to your Desktop
    • Right-click on OTL and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Click the Scan All Users checkbox and check the option for All under the Extra Registry section
    • Click Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


    Thank you,

    Donna
    Last edited by DonnaB; 03-24-2013 at 10:01 AM.

  7. #5

    Gosh, don't apologise, Donna! I'm only too grateful for your help whenever you can spare time for it. I'm only sorry that the contents of the OTL text files will be time-consuming for you to go through. I would so like to pay you for your time, but if this isn't allowed please accept my undying gratitude in lieu.

    OK, here we go...

    OTL.Txt:
    OTL logfile created on: 24/03/2013 13:56:41 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.32% Memory free
    15.97 Gb Paging File | 13.49 Gb Available in Paging File | 84.47% Paging File free
    Paging file location(s): e:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.53 Gb Total Space | 8.57 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 729.29 Gb Free Space | 78.29% Space Free | Partition Type: NTFS

    Computer Name: MARIE-PC | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/24 13:53:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    PRC - [2013/03/13 00:12:09 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    PRC - [2013/03/08 01:21:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2011/04/08 12:50:02 | 000,542,264 | ---- | M] (Google) -- E:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2010/11/17 01:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/13 00:12:08 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    MOD - [2013/03/08 01:21:15 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/01/10 12:46:47 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
    MOD - [2013/01/10 12:46:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
    MOD - [2013/01/10 12:34:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/10 12:34:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 12:34:39 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/10 12:34:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/10 12:34:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/10 12:34:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/10 12:34:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/10 12:34:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/12/08 16:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2011/09/27 19:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/01/12 15:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2011/01/12 15:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/03/13 00:12:09 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/08 01:21:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/12/08 16:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/12/08 16:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/05/20 02:32:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 23:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2011/09/02 06:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/24 07:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/12/21 14:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2010/12/21 14:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2010/12/21 12:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2010/11/22 07:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
    DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/19 02:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/11/19 02:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/09/16 10:57:42 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2011/05/18 15:19:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK - Hotmail.co.uk sign in, Messenger, Skype and Latest News
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C6 99 30 C6 15 CC 01 [binary data]
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_enGB432
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Google UK - from the UK"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://google.com/"
    FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
    FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
    FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
    FF - prefs.js..extensions.enabledAddons: %7B23ad39a3-36e7-4d8e-92d2-ba116ee32c45%7D:2.0.2
    FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
    FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
    FF - prefs.js..extensions.enabledAddons: bug489729%40alice0775:2.1
    FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
    FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.5.1
    FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/03/19 11:58:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 01:21:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/19 18:03:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 01:21:16 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/05/30 00:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions
    [2013/03/14 10:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions
    [2011/05/30 03:00:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2013/02/24 01:26:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/03/07 15:15:35 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2012/12/05 21:24:31 | 000,000,000 | ---D | M] ("bug489729(Disable detach and tear off tab)") -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\bug489729@alice0775
    [2011/08/10 10:33:14 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\DeviceDetection@logitech.com
    [2012/09/19 11:15:04 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\amznUWL2@amazon.com.xpi
    [2012/12/08 01:54:25 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
    [2012/11/27 00:52:12 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\tineye@ideeinc.com.xpi
    [2011/12/16 18:58:03 | 000,095,142 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{23ad39a3-36e7-4d8e-92d2-ba116ee32c45}.xpi
    [2013/03/14 10:48:31 | 000,111,028 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
    [2013/03/05 01:35:55 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/09/06 01:03:07 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2013/02/14 18:30:17 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011/12/23 20:51:45 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
    [2013/03/19 01:19:35 | 000,002,442 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\lnd8xpqt.default\searchplugins\google-uk---from-the-uk.xml
    [2013/03/08 01:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/03/08 01:21:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/30 10:03:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/02/20 00:59:18 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: Google
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marie\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Marie\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marie\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/np-rf-plugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: Angry Birds = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Web Developer = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
    CHR - Extension: Add to Amazon Wish List = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_1\
    CHR - Extension: Recent History = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm\2.1.4.1_0\
    CHR - Extension: Chrome Bookmarks Manager = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopdfailalkoendlohkhlidichkifokh\1.0.5_0\
    CHR - Extension: MyHarmony Chrome Plugin = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0\
    CHR - Extension: Google Reader = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

    O1 HOSTS File: ([2011/05/20 00:51:41 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3:64bit: - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2881783767-3588832477-1932076221-1000..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Users\Marie\AppData\Local\Temp\E_S2E45.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab (PCPitstop Utility)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE9046C8-85CE-4CE2-AAAF-3D662DB20211}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
    O27:64bit: - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
    O27 - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
    O27 - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/24 13:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2013/03/14 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jitbit AutoText
    [2013/03/14 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\AutoText
    [2013/03/14 17:02:57 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\Deployment
    [2013/03/11 02:22:39 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2013/03/08 22:10:36 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/08 22:10:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/08 22:10:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/08 22:10:30 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/08 01:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/03/07 01:43:01 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Malwarebytes
    [2013/03/07 01:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/07 01:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/07 01:42:54 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/03/05 14:46:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution-backup
    [2013/03/05 11:10:41 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\David
    [2013/03/05 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\TeamViewer
    [2013/03/05 11:05:22 | 004,035,424 | ---- | C] (TeamViewer) -- C:\Users\Marie\Desktop\TeamViewerQS_en.exe
    [2013/03/05 01:31:17 | 000,000,000 | ---D | C] -- C:\MFT 218765
    [2013/03/04 20:21:23 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
    [2013/03/04 20:20:42 | 000,114,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll
    [2013/03/02 16:15:17 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\PC problems
    [2013/03/02 15:16:42 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\Marie\Desktop\MicrosoftFixit.wu.LB.38285661821151682.10.1.Run.exe
    [2013/03/02 15:02:44 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\Marie\Desktop\MicrosoftFixit.wu.LB.38285661821151682.7.1.Run.exe
    [2013/03/02 14:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/02/27 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\MPEG Streamclip
    [2013/02/27 10:09:28 | 000,000,000 | ---D | C] -- E:\students
    [13 E:\*.tmp files -> E:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/24 13:53:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2013/03/24 13:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2881783767-3588832477-1932076221-1000UA.job
    [2013/03/24 13:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/24 13:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/24 12:40:40 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/24 12:40:40 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/24 12:37:39 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/24 12:37:39 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/24 12:37:39 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/24 12:33:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/24 12:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/23 21:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2881783767-3588832477-1932076221-1000Core.job
    [2013/03/20 01:32:05 | 000,001,456 | ---- | M] () -- C:\Users\Marie\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2013/03/18 16:09:31 | 000,001,296 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/03/17 19:18:45 | 000,000,241 | ---- | M] () -- C:\Users\Marie\Desktop\index.htm
    [2013/03/15 13:54:39 | 000,001,030 | ---- | M] () -- C:\Users\Marie\Desktop\TopStyle 5.lnk
    [2013/03/14 17:03:09 | 000,000,312 | ---- | M] () -- C:\Users\Marie\Desktop\AutoText.appref-ms
    [2013/03/14 16:20:48 | 000,002,368 | ---- | M] () -- C:\Users\Marie\Desktop\Google Chrome.lnk
    [2013/03/13 00:12:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/03/13 00:12:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/03/11 02:18:32 | 396,878,101 | ---- | M] () -- C:\Users\Marie\Desktop\Windows6.1-KB947821-v26-x64.msu
    [2013/03/09 00:15:25 | 000,001,683 | ---- | M] () -- C:\Users\Marie\.TransferManager.db
    [2013/03/08 22:10:45 | 000,001,893 | ---- | M] () -- C:\Users\Marie\Desktop\Kies Air Discovery Service.lnk
    [2013/03/08 22:10:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/03/08 22:10:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/03/08 22:10:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/03/08 22:10:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/03/08 22:10:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/03/08 22:10:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/03/07 01:42:55 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/05 11:05:23 | 004,035,424 | ---- | M] (TeamViewer) -- C:\Users\Marie\Desktop\TeamViewerQS_en.exe
    [2013/03/02 15:16:43 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\Marie\Desktop\MicrosoftFixit.wu.LB.38285661821151682.10.1.Run.exe
    [2013/03/02 15:02:50 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\Marie\Desktop\MicrosoftFixit.wu.LB.38285661821151682.7.1.Run.exe
    [2013/03/02 14:39:38 | 000,001,140 | ---- | M] () -- C:\Users\Marie\Desktop\Windows Update Troubleshooting Info.lnk
    [13 E:\*.tmp files -> E:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/17 19:18:45 | 000,000,241 | ---- | C] () -- C:\Users\Marie\Desktop\index.htm
    [2013/03/14 17:03:09 | 000,000,312 | ---- | C] () -- C:\Users\Marie\Desktop\AutoText.appref-ms
    [2013/03/11 02:16:07 | 396,878,101 | ---- | C] () -- C:\Users\Marie\Desktop\Windows6.1-KB947821-v26-x64.msu
    [2013/03/09 00:15:25 | 000,001,683 | ---- | C] () -- C:\Users\Marie\.TransferManager.db
    [2013/03/07 01:42:55 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/02 14:39:38 | 000,001,140 | ---- | C] () -- C:\Users\Marie\Desktop\Windows Update Troubleshooting Info.lnk
    [2012/11/09 12:14:06 | 000,001,252 | ---- | C] () -- C:\Users\Marie\letters.csh
    [2012/09/30 18:38:23 | 000,012,956 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Comma Separated Values (DOS).CAL
    [2011/07/09 00:42:45 | 000,000,132 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Adobe BMP Format CS5 Prefs
    [2011/07/05 00:09:54 | 000,155,356 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/06/20 19:35:41 | 042,331,811 | ---- | C] () -- C:\Users\Marie\Photoshop-Course.zip
    [2011/06/06 14:27:48 | 000,000,132 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/06/06 14:27:03 | 000,000,132 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Adobe GIF Format CS5 Prefs
    [2011/06/04 01:37:28 | 000,000,132 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
    [2011/06/03 15:53:30 | 000,001,456 | ---- | C] () -- C:\Users\Marie\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/05/31 22:52:49 | 000,134,124 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
    [2011/05/19 06:37:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/16 18:59:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/05/16 17:07:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/05/16 17:05:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 972 bytes -> C:\Users\Marie\AppData\Local\h3la3szjyw:rzP9GBxXrNLJ2C1TE8I5t
    @Alternate Data Stream - 1160 bytes -> C:\Users\Marie\AppData\Local\k5zYh5qFI:XQP5IaySiZT3S9r5z052HnEMgR

    < End of report >


    Extras.Txt:
    OTL Extras logfile created on: 24/03/2013 13:56:41 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    7.98 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.32% Memory free
    15.97 Gb Paging File | 13.49 Gb Available in Paging File | 84.47% Paging File free
    Paging file location(s): e:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.53 Gb Total Space | 8.57 Gb Free Space | 14.40% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 729.29 Gb Free Space | 78.29% Space Free | Partition Type: NTFS

    Computer Name: MARIE-PC | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{051E80A7-AC38-4A07-A047-275D1F09679D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{06C98478-C75A-4F8C-8A1A-D0C37ABE7776}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0E674C01-4994-4C7F-BC5B-B2F2820EA195}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
    "{13770184-226E-4EA8-8893-86821780066A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1B587948-E022-4F3B-ADCB-58EE84761AE0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{319F1560-8BE6-48DA-B12C-B37C9CC8A7FD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{35F78641-E6EB-40F9-A582-7E4F1234E998}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4D4EBBA3-F335-4694-A06F-887C535C48DC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4F24E27B-C97A-4E45-B561-401C6349C0FC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{51A87C0F-0966-4175-9411-971E261DE299}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5E02FEE1-CBE3-41D7-93C7-1D550616B24B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6219ABD3-A728-4FA9-9273-2FB7A68203FB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{62A244F0-5386-4862-9AA6-D709E422B8CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{62C1A6D8-6D5A-4F94-B8E1-4D63A18BAE79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{66F166D9-79A5-4FBE-AECC-AAFFEA4C2820}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6754CC09-1CA1-4CDE-A4C3-4E3C46B361BE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{72A3A40F-A4D7-456E-81EF-1BCC4AED3491}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7440E153-49B0-4A04-8456-261F9638253F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{75275F25-0085-4CD5-98CA-D31199122B17}" = rport=139 | protocol=6 | dir=out | app=system |
    "{80DE9C63-4A45-4680-B118-1B37CB30ADBD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8AA273C1-8B89-448E-B649-69D1DB50A8A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9839C682-10A5-409C-81C1-7643AB8F7E84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A0C6E3E8-FA99-48B9-8CB2-A1F45289D180}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
    "{AEB589D1-DC49-492B-86B5-87428429238C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B1A66DA7-AFF6-490D-AED3-F2876D15C34D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BD3A2301-2091-432E-902C-DF0032F788EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BDBFADFC-6FD4-440A-92A4-B4F6D22BA9B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{BDF570A3-7C1B-4E03-9628-B50A0C5F5E57}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E29FE2FF-1B26-4BD3-8407-594C4A6CE8E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EFADA6F9-0F19-49EE-95A0-48F7891EED60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F140412C-9343-4914-9977-F310E7976411}" = lport=138 | protocol=17 | dir=in | app=system |
    "{F52EDA5C-74C0-43B7-BEDB-8F1AD255497E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{F78D40C6-EC8C-41DB-A0E9-F271C8151100}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FA3C6F08-E23D-444C-9BBC-DDCD565D199E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{093C24EB-0BCC-4A90-99FF-8847EC4EEBCA}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{17B04D3A-2AEC-4721-A57E-B0421047652E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3238DECA-5409-4E9E-9D05-A35367BD5B37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3271EF1B-3B40-4475-B395-14C041F62FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3CCF9B55-8610-4ED9-9E63-CCE3F124602F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{68F8704C-EB0A-4868-B6C6-F711817E9CA2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6A14FAC2-D231-406A-A848-FFEA150D2408}" = protocol=6 | dir=out | app=system |
    "{6B01BF9C-443F-4500-92A8-BFC4C043F4B2}" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{74685EFB-F05A-4FF9-864D-99DEA8C0A9E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{762DA69B-AF70-42CB-AD65-D07357CA4C43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7BDCCCD6-E7A1-4F65-BFB5-3E03DCF84999}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{81B6760B-8FEE-4280-B47C-44041CB64FE6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{87D5D37C-2278-4360-8FD0-C083C8C46F60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{891C5222-F59F-4E0F-A943-694742C6DE12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{8E6A66F4-4878-4F11-8ADB-D4482A611304}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{92749CA1-13B5-49FF-9C8A-B58F0BBCD516}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{95FCD478-BB62-493F-BAAF-8121CFD85E56}" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{9648088A-1D71-4356-8EF9-CB74C5A9CC1F}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "{980F9D63-C919-4BC6-AB08-89E376C93A61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A19DC6A1-A9D3-44A6-A3D5-4D3961EE91AE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A62173F3-BD49-4BB1-AFB8-2F45B23077BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AFB6D11C-E9D6-4864-9804-5757BA52FF2D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{BE3FCDF2-13F8-42A8-AC4D-E26FDB20CF3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BF3EA018-85A1-4B91-8E13-1D2BA39DB6DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CA2EEDF5-471D-4135-84B4-0F03999B3CA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CE50D68E-1931-4534-BE5F-2B9648F39A30}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D0CE8DA0-CC65-4262-8203-91CBA817EA22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D6ECE3B9-EB14-401B-809D-E11A28492E24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DE4FCA65-57E2-4186-94C6-639752456FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E0E24B0A-E354-4258-B8FF-3AB664C01071}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{E35A3DEB-37E5-47AE-B713-407E51815D08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E5D8CA03-A1A7-4E7E-AAD4-D200500469F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9A1B541-016E-4E30-9A68-CA6762E0B301}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FAE02BB4-D4C3-48C0-8F32-2B659C34D2E0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FD5EAFAB-4C6A-4183-96CB-F13D5495ED75}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
    "TCP Query User{0FDDDE78-2FDA-454C-9A0B-2C09F450F080}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{4AA4BF76-A17E-4394-A17C-A7B6F37864CB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{8E33C2D0-9E9D-4E4B-AB2E-2E759AEB1F26}E:\program files\new folder\bin\java.exe" = protocol=6 | dir=in | app=e:\program files\new folder\bin\java.exe |
    "TCP Query User{A1648933-30AF-47FB-A771-3C6E18CF7CCA}C:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{156DA707-24AD-4D10-85E3-5A699BA5F571}E:\program files\new folder\bin\java.exe" = protocol=17 | dir=in | app=e:\program files\new folder\bin\java.exe |
    "UDP Query User{47FE9CF4-6719-48EE-B054-DCA725FA64F9}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{B3A40B00-CF3A-4E2F-80EA-2A6ED7ED134D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{EBAE507C-C041-424E-B874-6B636E62A826}C:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{50E9E32F-063A-412A-9627-553D5DA57C17}" = ESET NOD32 Antivirus
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{6AFF6A80-67F8-4540-B567-14F93E37AA08}" = SmartFTP Client
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}" = Microsoft Research Cliplets
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
    "Defraggler" = Defraggler
    "EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "sp6" = Logitech SetPoint 6.32
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{41C82F93-7DBE-2A27-ADF2-71C33A0DD25A}" = SlideshowPlus Design Editor
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{507F35F2-21AA-B252-64B0-9A6B2A818D24}" = PowerSlider Design Editor
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center
    "{95381165-5D16-4CD4-9162-57799A3F3AB5}" = Hi-Speed USB Bridge-Network Cable
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_954" = Adobe Acrobat 9.5.4 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AI RoboForm" = RoboForm 7-8-7-5 (All Users)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "ColorPic" = ColorPic
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "EPSON Scanner" = EPSON Scan
    "EPSON SX218 Series Manual" = EPSON SX218 Series Manual
    "Google Calendar Sync" = Google Calendar Sync
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "IrfanView" = IrfanView (remove only)
    "JQueryColorsEditor" = PowerSlider Design Editor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MultiCommander" = MultiCommander
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "PSPad editor_is1" = PSPad editor
    "SlideshowPlusEditor" = SlideshowPlus Design Editor
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "SmartFTP Client 4.1 (x64) Setup Files" = SmartFTP Client Setup Files 4.1 (x64) (remove only)
    "TextCrawler" = TextCrawler 2.2
    "TopStyle4_is1" = TopStyle 4
    "TopStyle5_is1" = TopStyle 5
    "TuneUp Utilities 2011" = TuneUp Utilities 2011
    "WOW Slider" = WOW Slider

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2881783767-3588832477-1932076221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "4734ddf6fafc297e" = AutoText
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 24/03/2013 09:56:20 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x1068 Faulting application start time: 0x01ce28975c902b3f Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 9a544561-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:56:50 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x450 Faulting application start time: 0x01ce28976e9361a6 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: ac46b2e7-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:57:20 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0xc0c Faulting application start time: 0x01ce28978099a54d Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: be4cf68e-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:57:50 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x1098 Faulting application start time: 0x01ce2897928d9973 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: d043f7f4-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:58:20 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0xd38 Faulting application start time: 0x01ce2897a4849ad9 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: e24a3b9c-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:58:20 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x6a4 Faulting application start time: 0x01ce2897a4aac07d Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: e2611efe-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:58:51 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x614 Faulting application start time: 0x01ce2897b6a1c1e3 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: f45699c4-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:58:51 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x13e0 Faulting application start time: 0x01ce2897b6b59804 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: f46a6fe5-948a-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:59:21 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x11e8 Faulting application start time: 0x01ce2897c8ab12ca Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 065e640b-948b-11e2-ad5a-1c6f65c6fad8

    Error - 24/03/2013 09:59:51 | Computer Name = Marie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
    time stamp: 0x4ce7989b Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000003c5f7
    Faulting
    process id: 0x114 Faulting application start time: 0x01ce2897da9f06f0 Faulting application
    path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 18525831-948b-11e2-ad5a-1c6f65c6fad8

    [ System Events ]
    Error - 24/03/2013 09:58:51 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 255 time(s).

    Error - 24/03/2013 09:58:51 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 256 time(s).

    Error - 24/03/2013 09:59:21 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 257 time(s).

    Error - 24/03/2013 09:59:51 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 258 time(s).

    Error - 24/03/2013 10:00:21 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 259 time(s).

    Error - 24/03/2013 10:00:21 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 260 time(s).

    Error - 24/03/2013 10:00:21 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 261 time(s).

    Error - 24/03/2013 10:00:22 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 262 time(s).

    Error - 24/03/2013 10:00:22 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 263 time(s).

    Error - 24/03/2013 10:00:22 | Computer Name = Marie-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Modules Installer service terminated unexpectedly. It
    has done this 264 time(s).


    < End of report >

  8. #6
    Member Spyware Fighter DonnaB's Avatar

    Hi trulymad,

    Awww! How nice of you to offer payment in return for my desire to help others. My reward is your appreciation for my help.

    Thank you for posting the logs!

    From past experience, and researching the entry that MBAM found in the key it quarantined and deleted, intuition tells me that every time you started iTunes, TuneUp Utilities 2011 was executed. Since MBAM has removed that key though, there is no way to export the key to find out for sure.

    Personally, I wouldn't use TuneUp Utilities or any other type of optimizing software on my PCs. In my opinion they're a waste of good HDD space and what they do for the PC is more harmful than what they advertise. Windows 7 is far better at managing itself. I would uninstall the program. Please let me know if you do decide to do so.

    CCleaner also includes a registry cleaner, as does TuneUp Utilities. We advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

    Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

    Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or Windows at a later time.

    I have to be honest though, I do use CCleaner myself though I never use the registry cleaner for the reason I mentioned above. This could be the cause of your Windows Updates problem. I've seen registry cleaners totally annihilate complete hives in the registry and the only solution is to wipe the drive and reformat.

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    In the meantime, I'll continue viewing your logs above.

    Again, thank you!

    Donna

  9. The Following 2 Users Say Thank You to DonnaB For This Useful Post:


  10. #7
    Member

    Donna, you are an angel and a genius!

    Thank you so much for taking the time to explain things so clearly - what you say makes perfect sense, in fact I've long suspected that TuneUp utilities was the culprit for other strange behaviour. I will uninstall it with pleasure.

    I'll be back soon with Farbar Scanner's report.

    Marie

  11. #8
    Member

    Hello Donna

    Here is the FSS text log:

    Farbar Service Scanner Version: 03-03-2013
    Ran by Marie (administrator) on 24-03-2013 at 15:32:32
    Running from "C:\Users\Marie\Desktop\PC problems"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

  12. #9
    Member Spyware Fighter DonnaB's Avatar

    Hi trulymad,

    Thank you kindly for the compliment, though I fear I'll have to give credit for my knowledge to all those here at H2G who took me under their wing and shared their knowledge with me.

    Please do the following.

    • Open an elevated command prompt by right-clicking on the command prompt and choosing Run as administrator.
    • In the elevated command prompt, type sfc /scannow and press Enter. Please note the space between sfc and /scannow. <--Very Important
    • This may take a little bit of time to finish so your patience will be needed.
    • When the scan is complete, open another elevated command prompt and copy and paste the following command, then press Enter.

      findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

      This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
    • Please copy and paste the results in your next reply.


    If the file is too large, you might have to upload it to a Microsoft Skydrive acct or Dropbox acct. and provide the link.

    Thank you,

    Donna
    Last edited by DonnaB; 03-29-2013 at 04:04 PM.

  13. The Following 2 Users Say Thank You to DonnaB For This Useful Post:
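An added example, not part of the posts above and not an H2G or Microsoft tool: a Python summary of the sfcdetails.txt file that the findstr command in post #9 produces, listing which files SFC repaired and which it could not. The sample lines are constructed in the shape of CBS.log "[SR]" entries, and the function name and result keys are assumptions of this example.

```python
import re

# Constructed sample shaped like CBS.log "[SR]" lines; not Marie's actual file.
SAMPLE = r'''
2013-03-24 15:40:12, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-03-24 15:40:12, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-03-24 15:40:19, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-03-24 15:40:21, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-03-24 15:40:22, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini" from store
2013-03-24 15:40:25, Info                  CSI    00000012 [SR] Verify complete
2013-03-24 15:40:26, Info                  CSI    00000013 [SR] Verifying 45 (0x000000000000002d) components
 continuation fragment left over from a bad copy and paste
2013-03-24 15:40:30, Info                  CSI    00000015 [SR] Verify complete
'''

# Timestamp, level, "CSI", sequence number, then the [SR] message.
LINE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+'
                  r'[0-9a-fA-F]+ \[SR\] (?P<msg>.*)$')
VERIFY = re.compile(r'^Verifying (?P<n>\d+) ')
CANNOT = re.compile(r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)"'
                    r' of (?P<comp>[^,]+),(?P<rest>.*)$')
REPAIR = re.compile(r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"'
                    r'\\\[[^\]]*\]"(?P<file>[^"]+)" from store')


def summarize_sfc(text):
    """Summarise SFC [SR] lines: components verified, files repaired, files left corrupt."""
    verified, unparsed = 0, 0
    repaired, unrepairable = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed += 1  # wrapped or truncated paste: count it, do not guess
            continue
        msg = m.group("msg")
        if (v := VERIFY.match(msg)):
            verified += int(v.group("n"))
        elif (c := CANNOT.match(msg)):
            # SFC usually logs the same failure more than once; key on file + component.
            key = (c.group("file"), c.group("comp").strip())
            entry = unrepairable.setdefault(key, {
                "file": key[0], "component": key[1],
                "reason": c.group("rest").rsplit(",", 1)[-1].strip(),
                "first_seen": m.group("ts"), "hits": 0})
            entry["hits"] += 1
        elif (r := REPAIR.match(msg)):
            folder = r.group("dir")
            if folder.startswith("\\??\\"):  # drop the NT object-path prefix
                folder = folder[4:]
            path = folder + "\\" + r.group("file")
            if path not in repaired:
                repaired.append(path)
    return {"components_verified": verified, "repaired": repaired,
            "unrepairable": list(unrepairable.values()), "unparsed": unparsed}


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE)
    print("components verified:", result["components_verified"])
    for path in result["repaired"]:
        print("repaired from store:", path)
    for item in result["unrepairable"]:
        print("NOT repaired: {file} ({component}): {reason}, logged {hits}x".format(**item))
    print("lines that could not be parsed:", result["unparsed"])
```

To run it on a real file, pass the text of sfcdetails.txt to summarize_sfc; the entries under "unrepairable" are the ones SFC could not restore from the component store.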


  14. #10
    Member

    Ah, the command prompt shows a blank white, 'unrecognised file' symbol. If I double-click on it I get the message: 'Windows cannot open this file: Command Prompt.Ink'.

    I can run the CMD thingy though - is that the same thing?

    The sfcdetails.txt is 400 lines long and can be found here, on Dropbox.

    Again, many thanks for your continuing help, Donna - I'm truly grateful.
