Page 1 of 3 123 LastLast
Results 1 to 10 of 21
  1. #1
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default Modem stops working after 10 - 20 minutes whn using my laptop.

    Hi there,

    I have a problem with my laptop that the modem stops working after 10 - 20 minutes use. I have a cable connection, and the first thing I did was get a new box from the cable company. I still have the same problem with the new box.
    When I use a tablet or smart phone I do not get the problem.

    The problem first appeared on 30-Jul-2014.

    When I try to do a system restore to before this date it gives an error as soon as I start the restore and does not run.

    Below are the hijackthis , superantispyware and malwarebytes logs.

    Hope you can help with this.

    Thanks a lot

    Matt



    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:37:12, on 03/08/2014
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v10.0 (10.00.9200.17028)

    FIREFOX: 31.0 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    C:\Users\Matt\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
    O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: EOS Utility.lnk = C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {61EE044F-235C-41F6-A2DF-93B46DA9A756} (Cascade Document Control (No DB)) - https://www.cascadehrponline.net/axc...eDocAxNoDB.ocx
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: @oem20.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10871 bytes





    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 08/03/2014 at 10:48 AM

    Application Version : 6.0.1108
    Database Version : 11415

    Scan type : Complete Scan
    Total Scan Time : 00:17:48

    Operating System Information
    Windows 8 64-bit (Build 6.02.9200)
    UAC On - Limited User

    Memory items scanned : 595
    Memory threats detected : 0
    Registry items scanned : 59240
    Registry threats detected : 0
    File items scanned : 21819
    File threats detected : 298

    Adware.Tracking Cookie
    ds.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    ilead.itrack.it [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    msntest.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    secure-uk.imrworldwide.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    secure.insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    stat.ed.cupidplc.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    track.webgains.com [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    tracking.onefeed.co.uk [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    EliteMate.com, Free Online Dating, Free Picture Personals, Hottest Singles, Free Local Dating, Find Love, Friends, Pens Pals, Romance, Free Membership, Portal to other dating sites [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    Entrepreneur - Start, run and grow your business. [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    Pornonovinhas.net [ C:\USERS\MATT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V5QATEMS ]
    .imrworldwide.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .eyeviewads.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking.dc-storm.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking.dc-storm.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adlooxtracking.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adlooxtracking.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking.dc-storm.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.ist-track.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    server.lon.liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linksynergy.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linksynergy.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking.dc-storm.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ad.mlnadvertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .clickfuse.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .247realmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ads2.williamhill.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sambaporno.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .royalmail.112.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ads2.globo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linksynergy.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linksynergy.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linksynergy.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    adserve.postrelease.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    a1.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .googleads.g.doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ads2.williamhill.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking.netrefer.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .pd0.imp.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .3492781.fls.doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    server.adformdsp.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linkedinsights.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linkedinsights.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linkedinsights.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .linkedinsights.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    in.getclicky.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    server.adformdsp.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adformdsp.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    questionnaire.holidaycottages.co.uk [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tracking-lr.adsafety.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .helponclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .basebanner.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    tradefx.advertserve.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    track.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .survey.g.doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ilead.itrack.it [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .newsquestdigitalmedia.122.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    c1.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .e-2dj6wclieocpmcq.stats.esomniture.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tradedoubler.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ilead.itrack.it [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    ww251.smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    Porno Gratis [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sambaporno.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sambaporno.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sambaporno.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    sexovideo.tv [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ero-advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ero-advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .exoclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .exoclick.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .ero-advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .smartclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adxpansion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adxpansion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adxpansion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adxpansion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    track.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    banners.pcg.org.uk [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    oasn-en1.247realmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    track.supersonicads.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3Q1NLYJH.DEFAULT\COOKIES.SQLITE ]
    cdn1.static.pornhub.phncdn.com [ C:\USERS\SANDR_000\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\D69SE68J ]
    secure.insightexpressai.com [ C:\USERS\SANDR_000\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\D69SE68J ]

    Adware.InstallCore
    C:\USERS\MATT\DOWNLOADS\FLASHPLAYER_SETUP.EXE

    ============
    End of Log
    ============





    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 03/08/2014
    Scan Time: 10:55:17
    Logfile: mbam_20140803.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.03.02
    Rootkit Database: v2014.08.01.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Matt

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 332057
    Time Elapsed: 20 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  2. #2
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default Forgot to mention

    I have Norton security installed which doesn't find any problems...

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello matadoro,

    You have been over looked, do you still need help.

    Joe

  4. #4
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default

    Yes please, I am still getting the problem, although it now just freezes the modem for 5 or so minutes, then it is fine for another 10 mins and so on.

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  6. #6
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default

    Looks like I have to post as 2 seperate threads, the modem gives up before the thread is posted if I try all in 1 go.

    OTL logfile created on: 08/08/2014 08:46:35 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    5.89 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 70.07% Memory free
    6.83 Gb Paging File | 4.80 Gb Available in Paging File | 70.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.64 Gb Total Space | 857.41 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
    Drive D: | 20.11 Gb Total Space | 2.49 Gb Free Space | 12.41% Space Free | Partition Type: NTFS

    Computer Name: MY_PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/08 08:35:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
    PRC - [2014/07/10 19:23:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2014/06/27 06:56:47 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe
    PRC - [2014/01/14 20:46:38 | 003,140,608 | ---- | M] () -- C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/17 10:31:16 | 001,238,016 | ---- | M] (Canon INC.) -- C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
    PRC - [2013/12/17 10:31:16 | 000,266,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
    PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    PRC - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/07/18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/07/18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    PRC - [2012/07/18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/03 10:04:31 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2014/02/19 09:09:25 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\025c33a6501815a024f28a2f71add897\CustomMarshalers.ni.dll
    MOD - [2014/02/19 09:08:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ea1456f24ec82177f7668e05dc3be08b\System.Configuration.ni.dll
    MOD - [2014/02/19 09:08:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\a3bbd31431d7ba74c429588f8532a231\Accessibility.ni.dll
    MOD - [2014/02/18 15:01:37 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9fd292dfdb6f603ef866ad1844e1c59c\System.Xml.ni.dll
    MOD - [2014/02/18 15:01:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a25f0fba1eabe72621a562b30081bcaa\System.Windows.Forms.ni.dll
    MOD - [2014/02/18 15:01:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\877505b0899d28885b04e71cf0358fc7\System.Drawing.ni.dll
    MOD - [2014/02/18 15:01:00 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\dc8da0badb9b3a5c24ad7756900f3325\System.ni.dll
    MOD - [2014/02/18 15:00:55 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\87a46d23bf6d209a5590e0fd66fdb68d\mscorlib.ni.dll
    MOD - [2014/01/14 20:46:38 | 003,140,608 | ---- | M] () -- C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    MOD - [2013/12/17 10:31:16 | 000,491,520 | ---- | M] () -- C:\Program Files (x86)\Canon\EOS Utility\EDSDK.dll
    MOD - [2012/07/27 00:08:38 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/07/23 00:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2014/05/30 00:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2014/03/29 09:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2013/06/25 17:58:39 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/08/10 16:24:28 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2014/07/23 07:12:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/07/10 19:23:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2014/07/08 19:02:19 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/06/27 06:56:47 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe -- (NIS)
    SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/11/06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/09/07 17:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/08/08 12:09:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2012/07/26 04:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2012/07/18 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/18 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/07/18 02:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
    SRV - [2012/07/18 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/07/14 17:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/07/10 19:23:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2014/07/10 19:23:38 | 000,288,440 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportHades64.sys -- (RapportHades64)
    DRV:64bit: - [2014/03/28 20:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2014/03/23 23:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2014/03/04 05:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2014/02/18 02:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2014/02/13 02:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2014/01/29 12:55:29 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/12/04 11:02:30 | 002,505,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/09/27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/09/26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2013/09/10 03:47:38 | 000,023,568 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symelam.sys -- (SymELAM)
    DRV:64bit: - [2013/09/10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/09/10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1504000.00D\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/06/25 18:07:15 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2013/06/25 18:07:13 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2013/06/25 17:58:40 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
    DRV:64bit: - [2012/08/24 10:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
    DRV:64bit: - [2012/08/08 06:17:54 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/07/31 20:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/31 09:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/25 23:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/04 14:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
    DRV:64bit: - [2012/07/03 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/29 03:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
    DRV:64bit: - [2012/06/19 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV - [2014/08/03 10:04:31 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys -- (RapportCerberus_69875)
    DRV - [2014/07/10 19:23:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2014/07/10 19:23:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2014/06/28 10:23:13 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140807.009\ex64.sys -- (NAVEX15)
    DRV - [2014/06/28 10:23:13 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140807.009\eng64.sys -- (NAVENG)
    DRV - [2014/06/12 01:24:09 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2014/06/11 05:26:31 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2014/05/16 06:09:34 | 000,631,096 | ---- | M] () [Kernel | Disabled | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys -- (RapportCerberus_68261)
    DRV - [2014/05/10 02:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2014/03/26 07:40:34 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140806.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN UK - Outlook.com formerly Hotmail, Bing, Skype and Latest News
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes\{C5366604-2FED-4B35-9AEB-30FC4DA8F5B8}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    IE - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.28.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/UCPlugin: C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\\npUploaderForCiG.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/08/03 10:05:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014/02/18 14:31:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/01/04 21:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Extensions
    [2014/07/17 12:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\3q1nlyjh.default\extensions
    [2013/09/04 11:48:06 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\3q1nlyjh.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2014/07/23 07:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/07/23 07:12:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll (Symantec Corporation)
    O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll (Symantec Corporation)
    O3:64bit: - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1600574198-2878953194-4214060220-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001..\Run: [Amazon Cloud Player] C:\Users\Matt\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
    O4 - HKU\S-1-5-21-1600574198-2878953194-4214060220-1001..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
    O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
    O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk = C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {61EE044F-235C-41F6-A2DF-93B46DA9A756} https://www.cascadehrponline.net/axc...eDocAxNoDB.ocx (Cascade Document Control (No DB))
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{033C2D49-B65B-4B99-86FF-AA63DEA8E6A9}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/03 10:54:54 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/08/03 10:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/08/03 10:54:29 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/08/03 10:54:28 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/08/03 10:54:28 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/08/03 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/08/03 10:43:49 | 000,000,000 | ---D | C] -- C:\logs
    [2014/08/03 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/08/03 10:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/08/03 10:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/07/29 11:06:06 | 000,000,000 | ---D | C] -- C:\ATS
    [2014/07/23 07:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/07/09 18:11:52 | 006,974,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2014/07/09 18:11:51 | 001,824,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2014/07/09 18:11:51 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2014/07/09 18:11:50 | 000,693,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
    [2014/07/09 18:11:50 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
    [2014/07/09 18:11:49 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
    [2014/07/09 18:11:49 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/07/09 18:11:49 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
    [2014/07/09 18:11:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
    [2014/07/09 18:11:43 | 001,557,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
    [2014/07/09 18:11:43 | 001,440,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
    [2014/07/09 18:11:33 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
    [2014/07/09 18:11:21 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2014/07/09 18:11:20 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
    [2014/07/09 18:11:17 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
    [2014/07/09 18:11:17 | 000,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
    [2014/07/09 18:10:28 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/07/09 18:10:23 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/07/09 18:10:22 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/07/09 18:10:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2014/07/09 18:10:21 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/07/09 18:10:20 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/07/09 18:10:20 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
    [2014/07/09 18:10:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/07/09 18:10:20 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/07/09 18:10:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2014/07/09 18:10:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2014/07/09 18:10:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2014/07/09 18:10:17 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/07/09 18:10:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/07/09 18:10:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/07/09 18:10:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/07/09 18:10:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
    [2014/07/09 18:10:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/07/09 18:10:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/07/09 18:10:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
    [2014/07/09 18:10:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/07/09 18:10:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/07/09 18:10:02 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2014/07/09 18:10:02 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/08 08:15:06 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/08/08 08:12:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/08/08 08:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/08/08 07:50:10 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/08/04 17:53:49 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
    [2014/08/03 10:55:01 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/08/03 10:54:34 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/08/03 10:28:25 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/08/03 10:06:44 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/08/03 10:06:44 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/08/03 10:06:44 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/08/03 10:01:52 | 000,323,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/08/03 10:01:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2014/08/03 10:01:31 | 768,622,591 | -HS- | M] () -- C:\hiberfil.sys
    [2014/07/31 11:53:15 | 000,042,291 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1504000.00D\VT20140731.006
    [2014/07/15 17:12:07 | 002,754,681 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1504000.00D\Cat.DB
    [2014/07/15 17:11:19 | 000,002,461 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2014/07/10 19:23:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
    [2014/07/10 19:23:38 | 000,288,440 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportHades64.sys
    [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/03 10:54:34 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/08/03 10:28:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/08/03 10:01:41 | 000,323,592 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/09/11 07:13:08 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2013/06/17 19:41:18 | 000,005,632 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/31 13:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

    ========== ZeroAccess Check ==========

    [2012/08/31 22:56:44 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 09:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 07:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

  7. #7
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default

    OTL Extras logfile created on: 08/08/2014 08:46:36 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    5.89 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 70.07% Memory free
    6.83 Gb Paging File | 4.80 Gb Available in Paging File | 70.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.64 Gb Total Space | 857.41 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
    Drive D: | 20.11 Gb Total Space | 2.49 Gb Free Space | 12.41% Space Free | Partition Type: NTFS

    Computer Name: MY_PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1600574198-2878953194-4214060220-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1114BE7B-1F5B-4C8C-A73C-BDFD638E8643}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2CA236D8-DA06-4B25-BDD4-E60EBD1EF18B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{30D6A666-F1B1-4A71-B691-B65D4329B3BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{42E9539D-8EE4-4F0A-8FFF-556C8B6E78E6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{43883C4A-1A30-47BB-960E-FC1295D4B3E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46C59779-D883-4999-A807-C1070195508A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{511B5D88-B2D0-4090-9D75-7FCF2B8817BF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5A64322A-E1D5-4635-9C3F-0D685EA131EF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5DB070F0-50E1-4CCA-BE51-4422C1447D5D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6E207A65-ADDA-48C2-8BA9-1A3850C4D2D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7CE5D70F-3607-4242-87A6-0A3694F88F1D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{90FCFF28-C61F-48BD-AC8B-CD80890F0DAB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A18C0B53-5F9E-416F-A10A-243899D9A82A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A93A8320-EB71-4D54-A389-BCAA608C1F0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B8ECF4D8-4613-4510-B912-DFCD3A470B5B}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C605A3AB-C47B-4CAF-8D91-7900AC4514C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C7FB0E46-21D8-41EB-AE63-476B3F3EF63B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DB717B52-C1FF-4878-9327-5C195FD4204E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E3C6BDDC-0D96-47C9-9893-4D26CDA39D58}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{E42AA00C-B2F2-4511-B466-48FDF48D5524}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EA94A2B9-5100-4CD9-A13A-03299C1A5D90}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EAE055C1-B03C-4216-88E9-6240ECD1D21B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{ECE26FE2-EFD3-4B34-A7CF-30F7D11F181D}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021528AB-F137-435D-9869-FC45DC84B79D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{0508DF8E-A024-4EB1-8F80-7F864F3730BF}" = protocol=6 | dir=in | app=c:\program files (x86)\canon\eos utility\eosupnpsv.exe |
    "{09FF91F0-EEA8-4FBC-985F-D63C895CDFF7}" = dir=out | name=flow free |
    "{0A13DC4C-C90B-4F9A-A4F8-96C5B7185CF7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{0A309EED-6FC0-4359-B33E-AA0F1B99328B}" = dir=out | name=hp printer control |
    "{0DFF597A-BF8E-4028-A6C7-16233C9A3B2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1490ED48-D9AA-4B1F-8CBB-348C44AC48BD}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{172F33F7-E164-4B3F-8D48-6CC4C00C3775}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{18D767C3-DF1F-470F-B13B-CE6835768140}" = dir=in | name=@{microsoft.skypeapp_1.6.0.114_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
    "{1D20B732-61E0-4C5D-8D32-4DB847C84FC4}" = dir=in | name=hp connected photo powered by snapfish |
    "{1DCF9EDF-F8B7-42E7-A76E-F9D54C4685E7}" = dir=out | name=getting started with windows 8 |
    "{1F58C23B-A11E-4EB9-B9A7-D0977A2DDBA7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1FD761B3-327D-48E4-89E8-0454A9C172E2}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{20A92B18-9B17-4A69-8E80-5C1E4CC39539}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{226A890B-05D7-4796-AB5E-7FBC235DD10D}" = dir=out | name=bubblebreaker |
    "{25CF385A-9724-4F84-8427-FC16E73052C9}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{2B9EA570-8A85-40CC-878D-12AE2A478447}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{2EDB77FD-1549-44CE-ADE0-90E1D083828E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
    "{2EF49296-A654-46F4-8780-7E4353113767}" = dir=in | name=hp printer control |
    "{37D8D9DF-201F-4814-B923-8432BF446A7E}" = dir=out | name=norton studio |
    "{3C48FAF2-E406-4382-A60E-D92DA552AE17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3C74868E-25B0-4533-BA64-18F5A2A552B3}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{3D47C117-555B-4132-973F-EDA2BBAE9BAB}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{3D68D98F-9538-480A-874B-9DC76BC1EC46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{401D921D-4622-411D-9D08-8B71F77C1398}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
    "{41D72BAD-A836-4C69-A106-306D985F1145}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{41DA2E08-D224-4D88-B073-1C14B573C112}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{423E2393-8383-4B1B-B2AB-86DFD75EF9AB}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{43732E37-7740-4456-9D88-3A5D1975918F}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{46B4B2A6-11CB-44C3-8F5A-5E6107727F6C}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{4C1508E1-283C-409D-8594-F69F1984E5E5}" = dir=out | name=ebay |
    "{4DD67B24-FDA8-44C8-82DA-543CDB305B22}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{4E62FFA1-D4B6-421A-9440-07AB74A15744}" = dir=out | name=blocked in |
    "{525F43C4-3100-440A-AC93-F940113948C1}" = dir=out | name=hp registration |
    "{568661BC-5BEB-41F5-AB20-D1BAB4871B74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5B1BCB57-7A5D-4958-AE02-003925B8B3B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5B667034-F0FC-40DF-A841-1A8FA4799F19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6003DE2F-ABEA-48E0-BD52-EFB77257D5E1}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{6249882D-E60B-4E0B-A509-B378D80C9C68}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{65E22696-26FE-483E-B653-B9D54484E825}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{664DC1F3-EB36-4324-B787-DECB9512A6F9}" = dir=in | name=hp connected photo powered by snapfish |
    "{6A10743F-884E-40F1-BBD2-FC8F984E794F}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{6B4EB465-3529-4A1D-9ED4-3A1816F5C111}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{6BAAD4CA-534F-4F14-A2EF-F1FF4117DEFB}" = dir=out | name=cut the rope |
    "{6E2DCEDB-1588-4759-B329-4515FA1C8A0F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{6E5BFB6C-2C10-4739-AB5B-32FD058C2B7E}" = dir=in | name=ebay |
    "{712A9778-5B2B-4FA4-8190-A1DA0EE1B0D6}" = dir=out | name=norton studio |
    "{7775E9F0-EAC5-477B-B04E-8218A853E481}" = dir=out | name=hp connected photo powered by snapfish |
    "{7BD941EE-F745-4DA8-8339-BD848DE9FA54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7F8CD008-A402-4145-93B5-894EAA56D3A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{87F3B423-A109-42F0-863C-D8A18474539B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{88717A9D-19B4-4A5A-8660-73BE9A3549D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8AFB7276-F31B-42BE-9472-71634DA88CBC}" = dir=out | name=ebay |
    "{959ECBAE-80A3-46BF-AD69-86CD5C055B69}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{97473A64-98D6-4270-82F7-3235AE6D2B5B}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{9AE6C66E-99F3-4B99-B953-90C1C4CE373B}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{A16A4A73-7F50-44CB-BA19-92D791097BF7}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{A365130B-EB78-4A2B-A99A-7EC34CB12C0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A39122DE-88F5-4173-A04E-53061413330E}" = dir=out | name=hp registration |
    "{A4BF0116-65D3-476A-B223-4A223B54122E}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{A6E2510E-0DFD-4F08-BAB4-935B648A113F}" = dir=out | name=hp connected photo powered by snapfish |
    "{AACF0065-BB38-4574-8E63-8134765F4CF1}" = dir=out | name=@{microsoft.skypeapp_1.6.0.114_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{AEBECC5A-CC80-4D91-BC4B-285087D93188}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AEC36E83-F672-4697-A831-AC34A9DF257A}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{B544D980-8487-45AF-9C15-63D52C74B959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B83F03CA-4D8E-4F98-A16C-458A3FF8A14C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{B8FA6603-C53D-4C99-8710-82C8315240B0}" = dir=in | name=ebay |
    "{BB67E691-FC47-4BFB-8350-A728B80B67BD}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{BC7B920D-6F44-4390-BC25-49218BB7280F}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{BDBB2A1E-6CAA-4809-8B92-E81A0337E951}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{BDC8851E-6BEE-4A79-B8BB-56B6C85F1978}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{C0A79C50-6FCA-449E-8A4B-472779FD9262}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{C1082317-8954-48F8-AEAA-781239FCDB99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CA2926EE-C073-466B-8DFE-26B35AFA32A8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{CB51DD7A-4DA3-45D6-B4B5-692BE8025D51}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
    "{D2832578-46B2-4973-849D-2AF5CEA21E24}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{D28E528F-FA63-491F-9BE9-B9045A7B9FB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
    "{D49DA444-B612-4D8E-8EC9-3EC3E468DA2E}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
    "{E3BA90E8-AABA-40B8-B401-76E4430183E7}" = dir=out | name=bubble star |
    "{E608A600-8CFD-4D97-9F4A-0D9A801D766A}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E9970A7F-1350-4418-A7CE-BF348B6F895E}" = protocol=17 | dir=in | app=c:\program files (x86)\canon\eos utility\eosupnpsv.exe |
    "{EAE2904B-AE28-44C0-902C-2D43C4AA2B95}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{EF918768-2F92-443D-A803-DB69FCA75FFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EFE6C5C8-DFD3-4776-A898-712E48B8DCC3}" = protocol=6 | dir=out | app=system |
    "{F25D8AC8-A552-43BB-B359-0B9C812235B1}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{F55FF0DD-6DB0-4701-8A49-7F9BDF6F5295}" = dir=out | name=getting started with windows 8 |
    "{F56FE87F-658F-4956-964A-279E2E6AAB0A}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{F70F33E2-1F09-490D-84FC-359FF5CF9679}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F864D8F7-781B-4BD5-9324-6315C022E1A5}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{FCB53384-0DEE-483D-9CB5-76B182D35ADE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FD46BB67-CD55-449C-A071-74D1CD98438D}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{FDFF12E0-4DFE-4899-9751-53616040E162}" = dir=out | name=microsoft solitaire collection |
    "{FE9C207B-CD3E-4D79-9A12-9998AD240285}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}" = WinZip 17.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
    "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
    "McAfee Security Scan" = McAfee Security Scan Plus
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}" = HP Documentation
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0
    "{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
    "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
    "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A9FC225-75F6-4B5D-911C-0ED230565643}" = HP Product Detection
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
    "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.22beta
    "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "DPP" = Canon Utilities Digital Photo Professional 3.10
    "EOS Sample Music" = Canon Utilities EOS Sample Music
    "EOS Utility 2" = Canon Utilities EOS Utility 2
    "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
    "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
    "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
    "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "NIS" = Norton Internet Security
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "Rapport_msi" = Trusteer Endpoint Protection
    "StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
    "Uploader for CANON iMAGE GATEWAY Plugin" = Canon Utilities Uploader for CANON iMAGE GATEWAY Plugin
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1600574198-2878953194-4214060220-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Amazon Cloud Player" = Amazon Cloud Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 03/08/2014 04:50:29 | Computer Name = my_pc | Source = System Restore | ID = 8210
    Description =

    Error - 03/08/2014 08:03:02 | Computer Name = my_pc | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
    Description = Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
    failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
    for additional information.

    Error - 03/08/2014 08:03:10 | Computer Name = my_pc | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
    Description = Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
    failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
    for additional information.

    Error - 03/08/2014 08:30:07 | Computer Name = my_pc | Source = Application Error | ID = 1000
    Description = Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp:
    0x50079e34 Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp:
    0x528bf8d9 Exception code: 0xc0000005 Fault offset: 0x0015948b Faulting process ID:
    0x176c Faulting application start time: 0x01cfaf1560e65d0b Faulting application path:
    C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe Faulting module
    path: C:\Windows\SYSTEM32\d2d1.dll Report ID: e6a9ef74-1b09-11e4-bea2-28924a478ded
    Faulting
    package full name: Faulting package-relative application ID:

    Error - 05/08/2014 13:05:51 | Computer Name = my_pc | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
    Description = Activation of application SymantecCorporation.NortonStudio_v68kp9n051hdp!App
    failed with error: -2147467263 See the Microsoft-Windows-TWinUI/Operational log
    for additional information.

    Error - 06/08/2014 09:31:38 | Computer Name = my_pc | Source = Application Hang | ID = 1002
    Description = The program WWAHost.exe version 6.2.9200.16420 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 35c Start
    Time: 01cfb17aab714e1a Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe

    Report
    Id: fd741bdf-1d6d-11e4-bea2-28924a478ded Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

    Faulting
    package-relative application ID: Windows.Store

    Error - 06/08/2014 09:31:37 | Computer Name = my_pc | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
    Description = Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy was terminated
    because it took too long to suspend.

    Error - 06/08/2014 09:32:52 | Computer Name = my_pc | Source = Application Hang | ID = 1002
    Description = The program WWAHost.exe version 6.2.9200.16420 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 17d0 Start
    Time: 01cfb17ac3ed63cd Termination Time: 4294967295 Application Path: C:\Windows\System32\WWAHost.exe

    Report
    Id: 29da2601-1d6e-11e4-bea2-28924a478ded Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

    Faulting
    package-relative application ID: Windows.Store

    Error - 06/08/2014 09:32:52 | Computer Name = my_pc | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
    Description = Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy was terminated
    because it took too long to suspend.

    Error - 08/08/2014 03:09:27 | Computer Name = my_pc | Source = VSS | ID = 8194
    Description =

    [ System Events ]
    Error - 25/07/2014 02:45:08 | Computer Name = my_pc | Source = Ntfs | ID = 55
    Description = A corruption was discovered in the file system structure on volume
    ??. A corruption was found in a file system index structure. The file reference
    number is 0x1000000006de0. The name of the file is "\Windows\System32". The corrupted
    index attribute is ":$I30:$INDEX_ALLOCATION".

    Error - 01/08/2014 14:19:58 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2014 04:46:47 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2014 04:48:11 | Computer Name = my_pc | Source = Service Control Manager | ID = 7043
    Description = The Windows Update service did not shut down properly after receiving
    a pre-shutdown control.

    Error - 03/08/2014 04:48:16 | Computer Name = my_pc | Source = Ntfs | ID = 55
    Description = A corruption was discovered in the file system structure on volume
    ??. A corruption was found in a file system index structure. The file reference
    number is 0x1000000006de0. The name of the file is "\Windows\System32". The corrupted
    index attribute is ":$I30:$INDEX_ALLOCATION".

    Error - 03/08/2014 05:15:09 | Computer Name = my_pc | Source = Ntfs | ID = 55
    Description = A corruption was discovered in the file system structure on volume
    ??. A corruption was found in a file system index structure. The file reference
    number is 0x1000000006de0. The name of the file is "\Windows\System32". The corrupted
    index attribute is ":$I30:$INDEX_ALLOCATION".

    Error - 03/08/2014 08:03:02 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2014 08:03:10 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2014 16:24:31 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2014 16:24:31 | Computer Name = my_pc | Source = DCOM | ID = 10010
    Description =


    < End of report >

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    I'm not seeing any malware on this machine. When you say the modem stops working, what kind of error if any are you getting and is the machine unable to connect to the internet at that time ? If is unable to connect are you rebooting / restarting the computer and then it works for a while ?

    What is the make and model # of your computer?


    Joe

  9. #9
    Member
    Join Date
    Mar 2009
    Posts
    22
    Points
    0

    Default

    The problem I get is that it freezes for several minutes. I can either reboot the modem or just wait and it comes back again.

    I have an HP pavillion G6 runnimg windows 8.

    I believe the problem to be some software on the laptop which freezes the modem, as the modem works fine when the laptop is not being used. It is definately the modem which gets hit as using any other device at the same time the internet connection is also frozen.

    I do not reboot the laptop, it is the modem which needs to be rebooted to get the connection back again, or if I leave it long enough it starts to work again without doing anything more.

    Hope this helps explain what is happening a bit better.

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    I know you got a new one, But what is the brand name of the modem / router you're using ?

Page 1 of 3 123 LastLast