ljordan

Members

View Profile See their activity

Posts
13
Joined
June 8, 2011
Last visited
June 15, 2011

Tech Info

Experience
beginner
System: windows_xp_64_bit

ljordan's Achievements

Newbie (1/14)

Reputation

Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

I think I typed in net start MSIServer and then possibly msexec /reserver. I just reseated everything too on the recommendation of a friend and no improvement has been made. It seems odd that the last known config option isn't available on the boot menu.
- June 15, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Oh I also typed some things into the run box on the recommendation of others. Not sure of everything I typed, but definitely MSIExec.exe and some other things like it. Quite a frustrating experience so far. Any help you can lend is appreciated.
- June 15, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

My computer has taken a turn for the worse. Since my last post Ive been attempting to fix Windows installer by installing the 4.5 update, I don't know what I've done but now I'm unable to boot my computer at all. Doing so results in it loading a black screen in which I can only use the cursor and nothing else. Computer won't boot in safe mode and I'm unable to choose a last known config option. Sadly I won't be able to access the Vista disk until next week so I'm at a loss as what to do. I'm thus unable to attempt any of the suggestions above due to this problem.
- June 15, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

The extras.txt file. OTL Extras logfile created on: 14/06/2011 12:41:02 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Gill\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.92% Memory free 6.20 Gb Paging File | 3.91 Gb Available in Paging File | 63.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 43.64 Gb Free Space | 18.74% Space Free | Partition Type: NTFS Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: LUKE-PC | User Name: Gill | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 90 44 84 54 3F C8 C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04454B1B-CEB0-40B1-9EE8-1AD116A120EF}" = lport=2869 | protocol=6 | dir=in | app=system | "{05748618-F2B2-41C9-A392-1BDDF330CA6E}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{12D4D372-8BEC-4660-98A7-D25F08E61A5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2195F25B-4395-4BE1-AE34-9F97CC2CC487}" = rport=10244 | protocol=6 | dir=out | app=system | "{259CEDDB-9102-461C-A974-7A07648CFD1B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{293BC4DF-9451-4214-AAC6-61FFA8440FD8}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{2F21B8B2-09A0-4084-A16C-1F6D6985E7A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FD989A7-25BF-4F23-A734-EE167BF75F23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{30504BA7-11A1-4906-85DE-8257D7E8A2CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{321413CF-056B-4A0E-B779-F62905051F8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D29000A-B3D0-42C4-A0B0-0E0A117990E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{42D45D0B-808C-427E-923E-AD7314601DF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{44648BE1-1992-42E1-8345-68E1263269D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{466182AA-A6CE-4165-9D2B-8BF54459CC1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4822EA0A-5098-4054-A56E-2441FF3D4843}" = rport=2178 | protocol=6 | dir=out | app=system | "{48AB99F2-05DF-4F50-BAA5-3218E604C34D}" = rport=10243 | protocol=6 | dir=out | app=system | "{49884EB7-BC94-4296-ACA1-75C43572D93E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4D2382CD-7F25-4050-A4E5-34FC1D1B6735}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4EA1FD8C-0158-4473-81BE-402D4B53931C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52AC8FD8-22C1-438C-8D21-598AEE90C5F9}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{532F19C5-59C8-4BF4-80E1-ECB2B0021227}" = rport=2869 | protocol=6 | dir=out | app=system | "{5C5872DF-1FB9-4BA7-BC51-239DE3824DE2}" = lport=2869 | protocol=6 | dir=in | app=system | "{6503E575-0F1E-4320-9BAC-22EB3AA0D88F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{78162531-67EC-4E24-95B1-D8848CF2D059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B56CAB2-16C8-4DB9-9DF9-3DECF00F6446}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | "{7BD1431B-49A2-473C-905C-89A950A8AE57}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{86ABD41A-851F-4858-9234-2D0EB8D22F9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A7A8FC1-074A-4A7E-8F6C-16B2DF43A200}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B5002F0-257E-4880-944C-957EA583F2C8}" = rport=10244 | protocol=6 | dir=out | app=system | "{8D4018E7-F85F-4DFA-B638-E461764789D2}" = lport=2178 | protocol=6 | dir=in | app=system | "{922CC534-482D-432C-83F3-1F15B81FA8DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9AFA6AB0-5EF9-414C-9F7C-8AFEC5DA1129}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{9C2DD3D8-26A4-4516-8B32-D09A54EDE3F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EB94EED-C62E-42EA-A272-BD7EEF6413B6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A186686A-8659-45A4-A42A-6C71E9768685}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A23C5AC4-5DAE-48F4-93CC-D98CE92495B2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A444F0C9-AE74-4736-87E7-D8CC9EE2CABA}" = lport=10244 | protocol=6 | dir=in | app=system | "{AC05D5AB-F080-4DFF-AFD5-726CBC2AC7F2}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{B6263804-1AA3-444E-AD0A-07F6AC9EE6C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B693F5B4-E0CD-43B5-A0C4-89EAE234B9D8}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9DA3941-5B25-472D-A5EB-3FA50F70D9B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C735A5DE-9D30-47F3-A871-BA6D8ADEF495}" = lport=3390 | protocol=6 | dir=in | app=system | "{CBEFE5DA-EDDE-4CD3-B65E-B78EFF915931}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CC5C7EB0-5D8B-4DF8-BC25-87F2B9948ED1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D3B594B4-842A-48B7-9F65-1BE4B7B5F5D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6E5424D-DBBD-47C4-AE45-8F84CF12A466}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7C79722-C539-4F3D-85D0-6D912F7D72C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC45D307-0E3E-4EED-BE36-01935B89ED7B}" = lport=10244 | protocol=6 | dir=in | app=system | "{F0F9FF11-00A4-4169-949D-E24F71CC58F4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{F16159A3-BBA0-4A43-8663-97562524F0A2}" = lport=3390 | protocol=6 | dir=in | app=system | "{F735C835-3CFD-494B-B5CB-9120FEC4D888}" = lport=10243 | protocol=6 | dir=in | app=system | "{FBB76F75-E4CE-46F6-9255-9DD0038D6B77}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FCB92B01-D1EF-4FBF-9372-468BB4D6B882}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CBB940-F989-48F6-8C1E-A191EABDD8CB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{021A4F6F-0038-4340-98FE-3653A5068023}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{02367ABD-2C9A-402C-BC67-96850EB944BB}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "{02E55F7F-49BD-47E8-B2DF-3B0C4B31051B}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{09575E6E-82A6-4A0A-A518-1DF873C6943D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{0AB9DDB0-CB0E-4D68-9D4C-E535857E495D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{0C98B1C7-582F-4B18-8A01-04905B097DB7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0CBF385A-D6BF-4223-81C2-74C2AD00545E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{0DEDB192-BFE4-4B4B-A5B3-92407BA7407F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0E2F7BCF-3C2B-49FF-9AC1-D262359CC83D}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{13B853B6-22D5-45FA-B833-29EB914439B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1605CDC1-AED0-47BE-97E6-59B8E66F2E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{17041CF5-69EA-44A4-9361-55944F6C4302}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{17183E7B-A1B2-4A6A-B137-7E3D084C26C4}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{1B56699A-E44F-4E37-87B1-E490C7FC82CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{1C97B409-87D1-4A16-AB80-B6F1412BC7F3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{22C330ED-2DCB-4AF2-BA44-8EE457C56B91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2A400E37-CB3A-4A67-A4CB-C5C359B95609}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2A62E57B-3044-410B-B861-8D4BDF5FF0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{2C9EC4CC-7C2E-4224-9309-519EBE460CF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37924BED-A411-46E7-B27B-31A18D57FBCF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3BBCD54E-8031-47B5-8462-3AE17A9461AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D87CBD6-C735-4A04-8727-C7707EBD0448}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.1\cnc3ep1.dat | "{41FD1CCF-E44D-49C1-9748-F73704191D11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{466A5363-7D6F-4482-9F1B-5F2B8E6C8335}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A0CCD6F-6975-4C4A-BC5F-B49AB7E0753F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A796959-0ABA-49A2-A59C-1E051DC593DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4E18708B-476B-4B87-8738-E20D53D3FC6A}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{56E3D0A3-60FC-4CB3-A67E-A68F597CB3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5935A222-2389-46BD-AFAC-70EC1A7FF906}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{5A21D8F7-93C0-47D9-A023-3136477E0D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{5E6F57F0-B445-4305-A225-3FC7531E60C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6522F94F-8622-49B5-869A-5CBA57B17084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6A0B1A39-9E12-4CBA-A057-9E91F6534D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AFCD639-CDCE-4DF3-B590-B561618CA1A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C1DDB6C-C780-4B5D-92F7-D98D3898E08D}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{6C56F9DB-E8FB-4750-A674-96DCDECEA72D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{71BFABA4-FD76-4C82-91B3-A430DA49F3D8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{744E3F08-3DD6-4531-B48F-CAB7805A410E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{753F21DA-F1D1-40C1-95EC-133222216855}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{766C9972-5B3B-4685-ACC0-4C586904DF52}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{775B6153-0213-402C-A064-12861702B545}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{77C5FBD1-8CAC-483C-9EB7-4B169BFFD080}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{785F7087-EC59-47FB-828C-3FCAFD1F169E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{79DAB1B7-5092-4934-84B9-641EF94439F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | "{80E64483-E5F0-4752-99DC-9BFF4ECEECBD}" = protocol=6 | dir=in | app=c:\program files (x86)\kontiki\kservice.exe | "{86264DC4-1094-49A5-9CCB-EFCBBA197D38}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{86F8B203-B56A-4A76-9A52-9C1AC8A57AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{8D5F1F83-EA38-447A-A393-B59DEC5EE232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DFE1B53-5D83-463F-A846-2898622BDD51}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{8EB17E3B-4A5B-4A31-B530-5D37434E6DC3}" = protocol=17 | dir=in | app=c:\program files (x86)\kontiki\kservice.exe | "{91DA049F-53FB-436F-98BC-4D6B1154F74D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9CB6AE10-3562-4689-87C3-A9E5FB0E29F1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{9E6090BB-85C5-49E9-A531-6F9D9FF24F33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A618413A-2E9C-483F-BD35-3EBC93334CD7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{ABDECB86-9828-4EE7-9B7B-8949FD735383}" = protocol=6 | dir=out | app=system | "{AD1D22D4-E344-4693-99BB-BA7C24663BC9}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{B1502BDB-F5B6-4C09-828E-BA0B505A49D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3FA5519-501E-4877-9626-C80EC7E64C47}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{B6668E2D-598E-475A-87AE-4450447DDE94}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{B7794E01-DC57-476E-91E3-4DB35B1B908E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B7BAC4D1-61F4-4C17-83D1-5948DEADC7D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC1E252B-C23D-4692-BD71-00B75C6C7C2C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{C3D6BFD6-85D9-413B-857C-C65D8F913F69}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{C8A7A273-B6D4-4142-96C2-F00B0FDFD44E}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{CFE4B0D4-BFB4-45F6-B515-80B756BC21F9}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{D1304231-91DE-4855-8BC8-E572A28DD1B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4C51E4D-168E-4BFF-8484-6889508CCCF1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D9AA7ED4-DCC6-4AD8-9B7B-46F235C56049}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB0672F4-77F1-4957-A3E5-A0E42B6987FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DBCFBAD7-F3AC-43A5-8830-6D980FBB9B3C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{DD4A01B8-60D6-43EF-B3BD-0556BC716B12}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{DF221444-F9F9-4B63-87E4-BD9B3222F587}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{E158BE96-489F-41A0-A33C-6CDEF9EF97BA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{E16895FE-1CF7-481D-85F5-B15A579BB0B7}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{E80B2C95-C017-4C42-9223-26969FDD7B75}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{EA082D3C-1E97-40F0-B804-4F3EC827481D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | "{EA663305-1723-4FE0-8A58-C6EE136500C5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{F5122D6B-A96E-4CD1-91AC-4E3810C73994}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{FB8C00EB-6CDF-4501-B148-3F69C8F999CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCCA756F-86AA-4CE4-8B8D-2CAED30A90D6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{FD4B5303-1E1F-4BBE-8507-BCE444A3631E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{00DF9888-CC65-4143-ADC2-3A65E77F5B1D}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{09156CEA-8B17-4251-A1F7-BAC7CE4F4052}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "TCP Query User{0A801C87-8AE9-4769-B20E-904CA9AF2F24}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "TCP Query User{0F1B10C8-E5AB-47AD-B9A9-2BB68C0409CA}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "TCP Query User{137659F1-2767-4516-988F-947FFE69078F}C:\program files (x86)\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "TCP Query User{1BEF415A-7143-4BA5-B0D4-D98350028E95}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "TCP Query User{2034BD15-0664-499A-9575-6765100CE7CE}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game | "TCP Query User{271CCF05-4733-41B7-BDC0-F5AA57A9312B}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{31CD180E-887F-4964-ADBF-55AA347B779A}C:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat | "TCP Query User{39D921BD-DCEA-4115-990A-5A2A71126B73}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{4D7574CC-5056-4A7B-AFA2-2E64F41745F8}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{5D98EF6A-ED40-47D2-B9FF-25285E50D7CF}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "TCP Query User{64CBB57B-9E15-468C-847C-45AF2104C480}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{714CE16B-B105-4AB5-93A7-40ADBA499DE9}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe | "TCP Query User{770535FC-E973-4958-BDCA-A9D468E62237}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{83689605-B9D2-4648-B010-DAA834B054F5}C:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe | "TCP Query User{87BE12F1-E1DA-45D8-B9DB-6D3A87A939E1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{89ED09A5-3314-4736-BA17-F61502985CCA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{9A8FAF4B-671E-47E0-B56C-4D892CD09A45}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "TCP Query User{AD310B80-9388-4403-930F-0C0DE57BE2F1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "TCP Query User{B1D545B6-DD48-4E91-81B3-79051BAB1AD2}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{BB09174A-382C-42CA-9457-3AC942C8F81B}C:\program files (x86)\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "TCP Query User{C3855681-160F-454C-8083-203C9B1171E4}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "TCP Query User{C66C26EC-AC48-4373-B2C1-A41E22B5A7A7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{CB077D4E-24BC-4E70-A4B0-F2A20BF731AA}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{D25583EC-C0D8-445C-82ED-7B2251E62524}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{D7FB63D1-60A8-4C8B-99F8-DF79590D2540}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "TCP Query User{DACBB89B-B888-4FD6-90A4-53706910BD59}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{DE5AC0FA-D4AA-4DCF-A1EA-BCE06F746CA9}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{E094EA4C-0713-4A39-BBBF-E047C570F7E0}C:\program files (x86)\blinkx\blinkx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "TCP Query User{E3EAD1F2-D4B0-4440-A041-F589DC95D6B7}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe | "UDP Query User{0D420FB6-B3A1-4E20-9BB3-EC28AC9AF817}C:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat | "UDP Query User{0FFD8987-389B-4663-B1E6-86139EDA9BD2}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{103539B8-B0DD-45EC-9884-4298A83A9844}C:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe | "UDP Query User{293781E0-8590-4EB0-B658-D356A39208CD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{2C854E25-143E-438C-BA94-FCE2C6D6F52D}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{2F2C2AF5-D97E-4E5E-AE2B-4EACE25FF916}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{3612A75C-A7C3-4C0E-98D7-F15705539279}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{3BB4E487-89B2-4922-9D92-3B86BE02D79E}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "UDP Query User{3E424C5E-3948-44C1-8D8F-C350A140B4A1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "UDP Query User{49DE1576-DE2D-4C12-A5C6-F789258D06CA}C:\program files (x86)\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "UDP Query User{595AF5C6-3188-41F0-B5CC-E810B8C392ED}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "UDP Query User{63F52BB8-1160-49C1-8498-8673A9E4905E}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "UDP Query User{67BDF871-2EAD-4E80-9778-31F50437AC38}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{681485CD-3B49-48EE-A1FB-03EC53C5B447}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "UDP Query User{73ADB552-896D-4D66-B81A-014EA1430DB9}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{7AB100E3-3856-43C3-ADB2-46084E91B84E}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe | "UDP Query User{7B7E3C0C-69AE-45AB-8BF6-FE9CA5B55327}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{7BE9CBCD-F1E7-4523-9E07-2F24D774FAD1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "UDP Query User{7CBB746C-CD23-4950-A03C-EE72317D4981}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "UDP Query User{7F0088BB-454F-4E1D-9A49-139FED697626}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{86CD479A-7B58-4F6D-8DA4-8E0B66C033A5}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{8E681437-DAD8-4951-A032-F58CBE326628}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "UDP Query User{972DCCCE-8028-4898-A5AB-E20D54E4D356}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{975A4BD1-B937-4452-B744-0E2E41CACF94}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{9AB1262C-9663-4366-805A-A899B3EF22C4}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{9D609BA7-CEDE-4D83-9776-7045CFF8DB77}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{BCD084DF-4405-44E7-A890-353976069CF6}C:\program files (x86)\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "UDP Query User{E2E8A752-6511-47CC-B555-B36039E46860}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game | "UDP Query User{E55DF367-56B9-4898-BF74-AECAB77C32BB}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "UDP Query User{F02F62D1-4B97-4283-8B72-CAA4210F802F}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{FC69E38D-F97C-4BDD-A111-9E42158C6068}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{4174CFCC-49C1-478B-9D83-3F7BE61CBBDF}" = 64-bit MathLink Libraries (6.0.2.1009485) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player "{5B38B88D-1A17-42A1-A8CB-E784C0E7D242}" = BT Voyager 1055 "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C1F97FD4-1BD9-45BE-A580-0174BBA8B7F5}" = Command & Conquer™ Red Alert™ 3 Beta "{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari "{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Any FLV Player" = Any FLV Player 1.1.3 "Ask Toolbar_is1" = Vuze Toolbar "blinkx beat" = blinkx beat "Browser Defender_is1" = Browser Defender 3.0 "CinemaForge" = CinemaForge "CloneDVD2" = CloneDVD2 "Defcon_is1" = Defcon v1.43 "doubleTwist" = doubleTwist "Download Manager" = Download Manager 2.3.6 "EADM" = EA Download Manager "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Galactic Civilizations II" = Galactic Civilizations II "GanttProject" = GanttProject "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Hamachi" = Hamachi 1.0.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.12 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "KeepV Flash Converter_is1" = KeepV Flash Converter "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB) "PFPortChecker" = PFPortChecker 1.0.30 "PokerStars" = PokerStars "Rapport_msi" = Rapport "Red Alert 2" = Command & Conquer Red Alert 2 "Registry Mechanic_is1" = Registry Mechanic 10.0 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "Spyware Doctor" = Spyware Doctor "StarCraft II" = StarCraft II "StuffPlug3" = StuffPlug 3 "SystemRequirementsLab" = System Requirements Lab "TuneUpMedia" = TuneUp Companion 1.5.9 "Tunngle beta_is1" = Tunngle beta "WinLiveSuite_Wave3" = Windows Live Essentials "WOLAPI" = Westwood Shared Internet Components "WonderWebWare Screen Ruler_is1" = WonderWebWare Screen Ruler 4.0 "Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "3038469762.skyplayer.sky.com" = Sky Player Desktop "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/06/2011 15:36:27 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = [ Media Center Events ] Error - 16/04/2008 07:59:16 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 17/04/2008 14:30:20 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 25/05/2008 15:37:59 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 21/06/2008 14:57:05 | Computer Name = Luke-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 26/06/2008 17:41:42 | Computer Name = Luke-PC | Source = McrMgr | ID = 109 Description = [ OSession Events ] Error - 21/04/2008 18:43:59 | Computer Name = Luke-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11336728 seconds with 4140 seconds of active time. This session ended with a crash. [ System Events ] Error - 13/06/2011 19:06:47 | Computer Name = Luke-PC | Source = bowser | ID = 8003 Description = Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\klmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\klif.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 14/06/2011 07:33:53 | Computer Name = Luke-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 00:52:55 on 14/06/2011 was unexpected. Error - 14/06/2011 07:33:55 | Computer Name = Luke-PC | Source = HTTP | ID = 15016 Description = Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7003 Description = Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14/06/2011 07:34:37 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14/06/2011 07:36:49 | Computer Name = Luke-PC | Source = ipnathlp | ID = 31004 Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Error - 14/06/2011 07:41:57 | Computer Name = Luke-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report > Thanks again, Luke.
- June 14, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

The extras.txt file. OTL Extras logfile created on: 14/06/2011 12:41:02 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Gill\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.92% Memory free 6.20 Gb Paging File | 3.91 Gb Available in Paging File | 63.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 43.64 Gb Free Space | 18.74% Space Free | Partition Type: NTFS Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: LUKE-PC | User Name: Gill | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 90 44 84 54 3F C8 C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04454B1B-CEB0-40B1-9EE8-1AD116A120EF}" = lport=2869 | protocol=6 | dir=in | app=system | "{05748618-F2B2-41C9-A392-1BDDF330CA6E}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{12D4D372-8BEC-4660-98A7-D25F08E61A5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2195F25B-4395-4BE1-AE34-9F97CC2CC487}" = rport=10244 | protocol=6 | dir=out | app=system | "{259CEDDB-9102-461C-A974-7A07648CFD1B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{293BC4DF-9451-4214-AAC6-61FFA8440FD8}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{2F21B8B2-09A0-4084-A16C-1F6D6985E7A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FD989A7-25BF-4F23-A734-EE167BF75F23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{30504BA7-11A1-4906-85DE-8257D7E8A2CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{321413CF-056B-4A0E-B779-F62905051F8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D29000A-B3D0-42C4-A0B0-0E0A117990E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{42D45D0B-808C-427E-923E-AD7314601DF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{44648BE1-1992-42E1-8345-68E1263269D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{466182AA-A6CE-4165-9D2B-8BF54459CC1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4822EA0A-5098-4054-A56E-2441FF3D4843}" = rport=2178 | protocol=6 | dir=out | app=system | "{48AB99F2-05DF-4F50-BAA5-3218E604C34D}" = rport=10243 | protocol=6 | dir=out | app=system | "{49884EB7-BC94-4296-ACA1-75C43572D93E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4D2382CD-7F25-4050-A4E5-34FC1D1B6735}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4EA1FD8C-0158-4473-81BE-402D4B53931C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52AC8FD8-22C1-438C-8D21-598AEE90C5F9}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{532F19C5-59C8-4BF4-80E1-ECB2B0021227}" = rport=2869 | protocol=6 | dir=out | app=system | "{5C5872DF-1FB9-4BA7-BC51-239DE3824DE2}" = lport=2869 | protocol=6 | dir=in | app=system | "{6503E575-0F1E-4320-9BAC-22EB3AA0D88F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{78162531-67EC-4E24-95B1-D8848CF2D059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B56CAB2-16C8-4DB9-9DF9-3DECF00F6446}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | "{7BD1431B-49A2-473C-905C-89A950A8AE57}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{86ABD41A-851F-4858-9234-2D0EB8D22F9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A7A8FC1-074A-4A7E-8F6C-16B2DF43A200}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B5002F0-257E-4880-944C-957EA583F2C8}" = rport=10244 | protocol=6 | dir=out | app=system | "{8D4018E7-F85F-4DFA-B638-E461764789D2}" = lport=2178 | protocol=6 | dir=in | app=system | "{922CC534-482D-432C-83F3-1F15B81FA8DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9AFA6AB0-5EF9-414C-9F7C-8AFEC5DA1129}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{9C2DD3D8-26A4-4516-8B32-D09A54EDE3F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EB94EED-C62E-42EA-A272-BD7EEF6413B6}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A186686A-8659-45A4-A42A-6C71E9768685}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A23C5AC4-5DAE-48F4-93CC-D98CE92495B2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A444F0C9-AE74-4736-87E7-D8CC9EE2CABA}" = lport=10244 | protocol=6 | dir=in | app=system | "{AC05D5AB-F080-4DFF-AFD5-726CBC2AC7F2}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{B6263804-1AA3-444E-AD0A-07F6AC9EE6C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B693F5B4-E0CD-43B5-A0C4-89EAE234B9D8}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9DA3941-5B25-472D-A5EB-3FA50F70D9B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C735A5DE-9D30-47F3-A871-BA6D8ADEF495}" = lport=3390 | protocol=6 | dir=in | app=system | "{CBEFE5DA-EDDE-4CD3-B65E-B78EFF915931}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CC5C7EB0-5D8B-4DF8-BC25-87F2B9948ED1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D3B594B4-842A-48B7-9F65-1BE4B7B5F5D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6E5424D-DBBD-47C4-AE45-8F84CF12A466}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7C79722-C539-4F3D-85D0-6D912F7D72C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC45D307-0E3E-4EED-BE36-01935B89ED7B}" = lport=10244 | protocol=6 | dir=in | app=system | "{F0F9FF11-00A4-4169-949D-E24F71CC58F4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{F16159A3-BBA0-4A43-8663-97562524F0A2}" = lport=3390 | protocol=6 | dir=in | app=system | "{F735C835-3CFD-494B-B5CB-9120FEC4D888}" = lport=10243 | protocol=6 | dir=in | app=system | "{FBB76F75-E4CE-46F6-9255-9DD0038D6B77}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FCB92B01-D1EF-4FBF-9372-468BB4D6B882}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CBB940-F989-48F6-8C1E-A191EABDD8CB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{021A4F6F-0038-4340-98FE-3653A5068023}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{02367ABD-2C9A-402C-BC67-96850EB944BB}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "{02E55F7F-49BD-47E8-B2DF-3B0C4B31051B}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{09575E6E-82A6-4A0A-A518-1DF873C6943D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{0AB9DDB0-CB0E-4D68-9D4C-E535857E495D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{0C98B1C7-582F-4B18-8A01-04905B097DB7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0CBF385A-D6BF-4223-81C2-74C2AD00545E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{0DEDB192-BFE4-4B4B-A5B3-92407BA7407F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0E2F7BCF-3C2B-49FF-9AC1-D262359CC83D}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{13B853B6-22D5-45FA-B833-29EB914439B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1605CDC1-AED0-47BE-97E6-59B8E66F2E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{17041CF5-69EA-44A4-9361-55944F6C4302}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{17183E7B-A1B2-4A6A-B137-7E3D084C26C4}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{1B56699A-E44F-4E37-87B1-E490C7FC82CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{1C97B409-87D1-4A16-AB80-B6F1412BC7F3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{22C330ED-2DCB-4AF2-BA44-8EE457C56B91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2A400E37-CB3A-4A67-A4CB-C5C359B95609}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2A62E57B-3044-410B-B861-8D4BDF5FF0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{2C9EC4CC-7C2E-4224-9309-519EBE460CF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37924BED-A411-46E7-B27B-31A18D57FBCF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3BBCD54E-8031-47B5-8462-3AE17A9461AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D87CBD6-C735-4A04-8727-C7707EBD0448}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.1\cnc3ep1.dat | "{41FD1CCF-E44D-49C1-9748-F73704191D11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{466A5363-7D6F-4482-9F1B-5F2B8E6C8335}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A0CCD6F-6975-4C4A-BC5F-B49AB7E0753F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A796959-0ABA-49A2-A59C-1E051DC593DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4E18708B-476B-4B87-8738-E20D53D3FC6A}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{56E3D0A3-60FC-4CB3-A67E-A68F597CB3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5935A222-2389-46BD-AFAC-70EC1A7FF906}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{5A21D8F7-93C0-47D9-A023-3136477E0D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{5E6F57F0-B445-4305-A225-3FC7531E60C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6522F94F-8622-49B5-869A-5CBA57B17084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6A0B1A39-9E12-4CBA-A057-9E91F6534D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AFCD639-CDCE-4DF3-B590-B561618CA1A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C1DDB6C-C780-4B5D-92F7-D98D3898E08D}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{6C56F9DB-E8FB-4750-A674-96DCDECEA72D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{71BFABA4-FD76-4C82-91B3-A430DA49F3D8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{744E3F08-3DD6-4531-B48F-CAB7805A410E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{753F21DA-F1D1-40C1-95EC-133222216855}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{766C9972-5B3B-4685-ACC0-4C586904DF52}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{775B6153-0213-402C-A064-12861702B545}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{77C5FBD1-8CAC-483C-9EB7-4B169BFFD080}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{785F7087-EC59-47FB-828C-3FCAFD1F169E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{79DAB1B7-5092-4934-84B9-641EF94439F9}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | "{80E64483-E5F0-4752-99DC-9BFF4ECEECBD}" = protocol=6 | dir=in | app=c:\program files (x86)\kontiki\kservice.exe | "{86264DC4-1094-49A5-9CCB-EFCBBA197D38}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{86F8B203-B56A-4A76-9A52-9C1AC8A57AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{8D5F1F83-EA38-447A-A393-B59DEC5EE232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DFE1B53-5D83-463F-A846-2898622BDD51}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{8EB17E3B-4A5B-4A31-B530-5D37434E6DC3}" = protocol=17 | dir=in | app=c:\program files (x86)\kontiki\kservice.exe | "{91DA049F-53FB-436F-98BC-4D6B1154F74D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{9CB6AE10-3562-4689-87C3-A9E5FB0E29F1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{9E6090BB-85C5-49E9-A531-6F9D9FF24F33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A618413A-2E9C-483F-BD35-3EBC93334CD7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{ABDECB86-9828-4EE7-9B7B-8949FD735383}" = protocol=6 | dir=out | app=system | "{AD1D22D4-E344-4693-99BB-BA7C24663BC9}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{B1502BDB-F5B6-4C09-828E-BA0B505A49D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3FA5519-501E-4877-9626-C80EC7E64C47}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{B6668E2D-598E-475A-87AE-4450447DDE94}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{B7794E01-DC57-476E-91E3-4DB35B1B908E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B7BAC4D1-61F4-4C17-83D1-5948DEADC7D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC1E252B-C23D-4692-BD71-00B75C6C7C2C}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{C3D6BFD6-85D9-413B-857C-C65D8F913F69}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{C8A7A273-B6D4-4142-96C2-F00B0FDFD44E}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{CFE4B0D4-BFB4-45F6-B515-80B756BC21F9}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{D1304231-91DE-4855-8BC8-E572A28DD1B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4C51E4D-168E-4BFF-8484-6889508CCCF1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D9AA7ED4-DCC6-4AD8-9B7B-46F235C56049}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB0672F4-77F1-4957-A3E5-A0E42B6987FF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DBCFBAD7-F3AC-43A5-8830-6D980FBB9B3C}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{DD4A01B8-60D6-43EF-B3BD-0556BC716B12}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{DF221444-F9F9-4B63-87E4-BD9B3222F587}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{E158BE96-489F-41A0-A33C-6CDEF9EF97BA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{E16895FE-1CF7-481D-85F5-B15A579BB0B7}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | "{E80B2C95-C017-4C42-9223-26969FDD7B75}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{EA082D3C-1E97-40F0-B804-4F3EC827481D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe | "{EA663305-1723-4FE0-8A58-C6EE136500C5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{F5122D6B-A96E-4CD1-91AC-4E3810C73994}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | "{FB8C00EB-6CDF-4501-B148-3F69C8F999CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FCCA756F-86AA-4CE4-8B8D-2CAED30A90D6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{FD4B5303-1E1F-4BBE-8507-BCE444A3631E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{00DF9888-CC65-4143-ADC2-3A65E77F5B1D}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{09156CEA-8B17-4251-A1F7-BAC7CE4F4052}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "TCP Query User{0A801C87-8AE9-4769-B20E-904CA9AF2F24}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "TCP Query User{0F1B10C8-E5AB-47AD-B9A9-2BB68C0409CA}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "TCP Query User{137659F1-2767-4516-988F-947FFE69078F}C:\program files (x86)\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "TCP Query User{1BEF415A-7143-4BA5-B0D4-D98350028E95}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "TCP Query User{2034BD15-0664-499A-9575-6765100CE7CE}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game | "TCP Query User{271CCF05-4733-41B7-BDC0-F5AA57A9312B}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{31CD180E-887F-4964-ADBF-55AA347B779A}C:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat | "TCP Query User{39D921BD-DCEA-4115-990A-5A2A71126B73}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{4D7574CC-5056-4A7B-AFA2-2E64F41745F8}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{5D98EF6A-ED40-47D2-B9FF-25285E50D7CF}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "TCP Query User{64CBB57B-9E15-468C-847C-45AF2104C480}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{714CE16B-B105-4AB5-93A7-40ADBA499DE9}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe | "TCP Query User{770535FC-E973-4958-BDCA-A9D468E62237}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{83689605-B9D2-4648-B010-DAA834B054F5}C:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe | "TCP Query User{87BE12F1-E1DA-45D8-B9DB-6D3A87A939E1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{89ED09A5-3314-4736-BA17-F61502985CCA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{9A8FAF4B-671E-47E0-B56C-4D892CD09A45}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "TCP Query User{AD310B80-9388-4403-930F-0C0DE57BE2F1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "TCP Query User{B1D545B6-DD48-4E91-81B3-79051BAB1AD2}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{BB09174A-382C-42CA-9457-3AC942C8F81B}C:\program files (x86)\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "TCP Query User{C3855681-160F-454C-8083-203C9B1171E4}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "TCP Query User{C66C26EC-AC48-4373-B2C1-A41E22B5A7A7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{CB077D4E-24BC-4E70-A4B0-F2A20BF731AA}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{D25583EC-C0D8-445C-82ED-7B2251E62524}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{D7FB63D1-60A8-4C8B-99F8-DF79590D2540}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "TCP Query User{DACBB89B-B888-4FD6-90A4-53706910BD59}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{DE5AC0FA-D4AA-4DCF-A1EA-BCE06F746CA9}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{E094EA4C-0713-4A39-BBBF-E047C570F7E0}C:\program files (x86)\blinkx\blinkx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "TCP Query User{E3EAD1F2-D4B0-4440-A041-F589DC95D6B7}C:\westwood\ra2\gamemd.exe" = protocol=6 | dir=in | app=c:\westwood\ra2\gamemd.exe | "UDP Query User{0D420FB6-B3A1-4E20-9BB3-EC28AC9AF817}C:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat | "UDP Query User{0FFD8987-389B-4663-B1E6-86139EDA9BD2}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{103539B8-B0DD-45EC-9884-4298A83A9844}C:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\universe at war earth assault (demo)\uawea.exe | "UDP Query User{293781E0-8590-4EB0-B658-D356A39208CD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{2C854E25-143E-438C-BA94-FCE2C6D6F52D}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{2F2C2AF5-D97E-4E5E-AE2B-4EACE25FF916}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{3612A75C-A7C3-4C0E-98D7-F15705539279}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{3BB4E487-89B2-4922-9D92-3B86BE02D79E}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "UDP Query User{3E424C5E-3948-44C1-8D8F-C350A140B4A1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "UDP Query User{49DE1576-DE2D-4C12-A5C6-F789258D06CA}C:\program files (x86)\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "UDP Query User{595AF5C6-3188-41F0-B5CC-E810B8C392ED}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "UDP Query User{63F52BB8-1160-49C1-8498-8673A9E4905E}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "UDP Query User{67BDF871-2EAD-4E80-9778-31F50437AC38}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{681485CD-3B49-48EE-A1FB-03EC53C5B447}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game | "UDP Query User{73ADB552-896D-4D66-B81A-014EA1430DB9}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{7AB100E3-3856-43C3-ADB2-46084E91B84E}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe | "UDP Query User{7B7E3C0C-69AE-45AB-8BF6-FE9CA5B55327}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{7BE9CBCD-F1E7-4523-9E07-2F24D774FAD1}C:\program files (x86)\blinkx\blinkx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\blinkx\blinkx.exe | "UDP Query User{7CBB746C-CD23-4950-A03C-EE72317D4981}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.9.game | "UDP Query User{7F0088BB-454F-4E1D-9A49-139FED697626}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{86CD479A-7B58-4F6D-8DA4-8E0B66C033A5}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{8E681437-DAD8-4951-A032-F58CBE326628}C:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "UDP Query User{972DCCCE-8028-4898-A5AB-E20D54E4D356}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{975A4BD1-B937-4452-B744-0E2E41CACF94}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{9AB1262C-9663-4366-805A-A899B3EF22C4}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{9D609BA7-CEDE-4D83-9776-7045CFF8DB77}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{BCD084DF-4405-44E7-A890-353976069CF6}C:\program files (x86)\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\defcon\defcon.exe | "UDP Query User{E2E8A752-6511-47CC-B555-B36039E46860}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.0.game | "UDP Query User{E55DF367-56B9-4898-BF74-AECAB77C32BB}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "UDP Query User{F02F62D1-4B97-4283-8B72-CAA4210F802F}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{FC69E38D-F97C-4BDD-A111-9E42158C6068}C:\westwood\ra2\gamemd.exe" = protocol=17 | dir=in | app=c:\westwood\ra2\gamemd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{4174CFCC-49C1-478B-9D83-3F7BE61CBBDF}" = 64-bit MathLink Libraries (6.0.2.1009485) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player "{5B38B88D-1A17-42A1-A8CB-E784C0E7D242}" = BT Voyager 1055 "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C1F97FD4-1BD9-45BE-A580-0174BBA8B7F5}" = Command & Conquer™ Red Alert™ 3 Beta "{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari "{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Any FLV Player" = Any FLV Player 1.1.3 "Ask Toolbar_is1" = Vuze Toolbar "blinkx beat" = blinkx beat "Browser Defender_is1" = Browser Defender 3.0 "CinemaForge" = CinemaForge "CloneDVD2" = CloneDVD2 "Defcon_is1" = Defcon v1.43 "doubleTwist" = doubleTwist "Download Manager" = Download Manager 2.3.6 "EADM" = EA Download Manager "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Galactic Civilizations II" = Galactic Civilizations II "GanttProject" = GanttProject "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Hamachi" = Hamachi 1.0.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.12 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "KeepV Flash Converter_is1" = KeepV Flash Converter "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB) "PFPortChecker" = PFPortChecker 1.0.30 "PokerStars" = PokerStars "Rapport_msi" = Rapport "Red Alert 2" = Command & Conquer Red Alert 2 "Registry Mechanic_is1" = Registry Mechanic 10.0 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "Spyware Doctor" = Spyware Doctor "StarCraft II" = StarCraft II "StuffPlug3" = StuffPlug 3 "SystemRequirementsLab" = System Requirements Lab "TuneUpMedia" = TuneUp Companion 1.5.9 "Tunngle beta_is1" = Tunngle beta "WinLiveSuite_Wave3" = Windows Live Essentials "WOLAPI" = Westwood Shared Internet Components "WonderWebWare Screen Ruler_is1" = WonderWebWare Screen Ruler 4.0 "Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "3038469762.skyplayer.sky.com" = Sky Player Desktop "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/06/2011 15:36:27 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = [ Media Center Events ] Error - 16/04/2008 07:59:16 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 17/04/2008 14:30:20 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 25/05/2008 15:37:59 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 21/06/2008 14:57:05 | Computer Name = Luke-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 26/06/2008 17:41:42 | Computer Name = Luke-PC | Source = McrMgr | ID = 109 Description = [ OSession Events ] Error - 21/04/2008 18:43:59 | Computer Name = Luke-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11336728 seconds with 4140 seconds of active time. This session ended with a crash. [ System Events ] Error - 13/06/2011 19:06:47 | Computer Name = Luke-PC | Source = bowser | ID = 8003 Description = Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\klmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\drivers\klif.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 14/06/2011 07:33:53 | Computer Name = Luke-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 00:52:55 on 14/06/2011 was unexpected. Error - 14/06/2011 07:33:55 | Computer Name = Luke-PC | Source = HTTP | ID = 15016 Description = Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7003 Description = Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14/06/2011 07:34:37 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14/06/2011 07:36:49 | Computer Name = Luke-PC | Source = ipnathlp | ID = 31004 Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. Error - 14/06/2011 07:41:57 | Computer Name = Luke-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = < End of report > Thanks again, Luke.
- June 14, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Ok thanks - the otl.txt file OTL logfile created on: 14/06/2011 12:41:02 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Gill\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.92% Memory free 6.20 Gb Paging File | 3.91 Gb Available in Paging File | 63.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 43.64 Gb Free Space | 18.74% Space Free | Partition Type: NTFS Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: LUKE-PC | User Name: Gill | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Gill\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools) PRC - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () PRC - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe () PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Gill\Downloads\OTL.scr (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\PC Tools Security\PCTGMhk.dll (PC Tools) ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe () SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\svchost.exe () SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe () SRV - (ASKService) -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe () SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) ========== Driver Services (SafeList) ========== DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys () DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys () DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys () DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys () DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys () DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys () DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys () DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys () DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys () DRV:64bit: - (iPodDrv) -- C:\Windows\SysNative\drivers\iPodDrv.sys () DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys () DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys () DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\DRIVERS\tap0901t.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys () DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys () DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys () DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys () DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys () DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys () DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys () DRV:64bit: - (ElbyDelay) -- C:\Windows\SysNative\Drivers\ElbyDelay.sys () DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys () DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (Klmc) -- C:\Windows\SysWOW64\drivers\klmc.sys (Kaspersky Lab) DRV - (Klif) -- C:\Windows\SysWOW64\drivers\klif.sys (Kaspersky Labs) DRV - (Klin) -- C:\Windows\System32\drivers\klin.sys (Kaspersky Labs) DRV - (Klick) -- C:\Windows\System32\drivers\klick.sys (Kaspersky Labs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=antn&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=antn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=antn" FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6 FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cd576eb&v=6.010.006.004&i=29&tp=ab&iy=&ychte=uk&lng=en-GB&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\ [2011/02/08 01:23:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/04 13:50:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/04 13:50:01 | 000,000,000 | ---D | M] [2008/06/17 21:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gill\AppData\Roaming\mozilla\Extensions [2011/06/06 16:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gill\AppData\Roaming\mozilla\Firefox\Profiles\e7082dhv.default\extensions [2009/09/03 15:28:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gill\AppData\Roaming\mozilla\Firefox\Profiles\e7082dhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/06 16:00:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Gill\AppData\Roaming\mozilla\Firefox\Profiles\e7082dhv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/04 14:59:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gill\AppData\Roaming\mozilla\Firefox\Profiles\e7082dhv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/08/15 20:43:44 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Gill\AppData\Roaming\mozilla\Firefox\Profiles\e7082dhv.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011/02/08 01:30:10 | 000,002,696 | ---- | M] () -- C:\Users\Gill\AppData\Roaming\Mozilla\Firefox\Profiles\e7082dhv.default\searchplugins\search-defender.xml [2011/05/04 13:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- () (No name found) -- C:\USERS\GILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E7082DHV.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI [2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2011/02/28 20:53:04 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchantn.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2008/02/04 22:55:49 | 000,224,358 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 http://www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 http://www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 http://www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 http://www.032439.com O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 http://www.1001-search.info O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 http://www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 http://www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 http://www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 http://www.132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 7874 more lines... O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [iSTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O4 - Startup: C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Gill\Documents\hudf_150dpi.jpg O24 - Desktop BackupWallPaper: C:\Users\Gill\Documents\hudf_150dpi.jpg O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1996/11/07 18:19:30 | 000,450,560 | R--- | M] () - E:\automenu.exe -- [ CDFS ] O32 - AutoRun File - [1999/10/07 19:11:58 | 000,011,902 | R--- | M] () - E:\autorun.apm -- [ CDFS ] O32 - AutoRun File - [1999/02/03 03:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [1999/04/15 15:40:06 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell - "" = AutoRun O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 03:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Gill^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: kdx - hkey= - key= - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: NvSvc - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/06/13 02:19:08 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\RK_Quarantine [2011/06/12 00:52:46 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\allied disk [2011/06/11 23:47:05 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\EA Games [2011/06/09 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\XP_Patch [2011/06/09 20:46:17 | 000,000,000 | ---D | C] -- C:\Games [2011/06/09 20:45:46 | 000,000,000 | ---D | C] -- C:\TBRASetup [2011/06/09 12:28:40 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Malwarebytes [2011/06/09 12:28:27 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/06/09 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/09 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/09 12:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/06/09 05:22:00 | 000,000,000 | ---D | C] -- C:\Users\Gill\Documents\RedAlert1_AlliedDisc [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\WinRAR [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/06/09 02:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011/06/09 01:43:30 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/06/09 01:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/06/09 01:27:24 | 000,000,000 | ---D | C] -- C:\Users\Gill\{b82e5b3e-408d-4c0e-b756-9a781c14568b} [2011/06/09 01:08:38 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/06/08 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\Gill\{3fc1cb4a-f134-4f86-ae0f-64cdbd1f84a3} [2011/06/08 18:44:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys [2011/06/08 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2011/06/08 17:51:42 | 000,000,000 | ---D | C] -- C:\Users\Gill\{b6f5e937-d964-4e58-9668-db7a533453ff} [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\Gill\Documents\Tunngle [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Tunngle [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2011/06/08 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011/06/08 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2011/06/08 17:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2011/06/07 17:28:16 | 000,000,000 | ---D | C] -- C:\ad8f3568418353640f9dbfa9e559 [2011/05/28 19:12:27 | 000,000,000 | ---D | C] -- C:\a21489a318c8a4277ba932 [2011/05/23 12:53:44 | 000,000,000 | ---D | C] -- C:\8d6501e2b89a5600342a0b24a2c1 [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Gill\Documents\*.tmp files -> C:\Users\Gill\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/14 12:46:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{947F2976-1144-4A50-B1C3-84F7A01DC0E4}.job [2011/06/14 12:40:17 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/14 12:39:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/06/14 12:33:58 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/14 12:33:58 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/14 12:33:57 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/14 12:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/14 12:33:47 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys [2011/06/12 00:19:07 | 000,001,090 | ---- | M] () -- C:\Users\Gill\Desktop\Game - Shortcut.lnk [2011/06/09 20:46:21 | 000,000,000 | ---- | M] () -- C:\MAIN.MIX [2011/06/09 18:41:24 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/06/09 12:28:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/09 01:46:08 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/06/09 01:46:08 | 000,667,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/06/09 01:46:08 | 000,133,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/06/09 01:43:30 | 000,000,828 | ---- | M] () -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/06/09 01:43:30 | 000,000,792 | ---- | M] () -- C:\Users\Gill\Desktop\MagicDisc.lnk [2011/06/09 01:39:59 | 000,000,792 | ---- | M] () -- C:\Users\Gill\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk [2011/06/09 01:39:59 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011/06/08 17:54:45 | 000,293,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/06/07 11:36:45 | 000,000,000 | ---- | M] () -- C:\Users\Gill\AppData\Local\{8D906D26-82F1-4618-960A-0B6BBCD6D0D6} [2011/06/06 21:43:32 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2011/06/03 23:09:34 | 000,000,000 | ---- | M] () -- C:\Users\Gill\AppData\Local\{854C6583-12DC-4602-92A6-A88B259211DB} [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Gill\Documents\*.tmp files -> C:\Users\Gill\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/12 00:19:07 | 000,001,090 | ---- | C] () -- C:\Users\Gill\Desktop\Game - Shortcut.lnk [2011/06/11 22:03:02 | 3219,709,952 | -HS- | C] () -- C:\hiberfil.sys [2011/06/09 20:46:21 | 000,000,000 | ---- | C] () -- C:\MAIN.MIX [2011/06/09 20:36:24 | 654,348,288 | ---- | C] () -- C:\Users\Gill\Desktop\CD1_ALLIED_DISC.ISO [2011/06/09 12:28:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/09 12:28:23 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011/06/09 01:43:30 | 000,000,828 | ---- | C] () -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/06/09 01:43:30 | 000,000,792 | ---- | C] () -- C:\Users\Gill\Desktop\MagicDisc.lnk [2011/06/08 18:44:26 | 000,255,552 | ---- | C] () -- C:\Windows\SysNative\drivers\mcdbus.sys [2011/06/08 17:51:29 | 000,031,232 | ---- | C] () -- C:\Windows\SysNative\drivers\tap0901t.sys [2011/06/08 17:51:29 | 000,000,792 | ---- | C] () -- C:\Users\Gill\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk [2011/06/08 17:51:29 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011/06/07 11:36:45 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{8D906D26-82F1-4618-960A-0B6BBCD6D0D6} [2011/06/03 23:09:34 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{854C6583-12DC-4602-92A6-A88B259211DB} [2011/02/08 01:23:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010/11/12 20:37:43 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2009/09/15 15:57:26 | 000,001,356 | ---- | C] () -- C:\Users\Gill\AppData\Local\d3d9caps.dat [2008/07/22 12:49:04 | 000,000,092 | ---- | C] () -- C:\Users\Gill\AppData\Local\fusioncache.dat [2008/07/22 12:37:29 | 000,735,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/06/06 16:39:15 | 000,000,976 | ---- | C] () -- C:\Windows\eReg.dat [2008/05/22 23:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008/05/22 23:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008/04/13 12:08:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2008/02/24 20:26:17 | 003,049,984 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2008/02/24 20:26:17 | 000,404,480 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll [2008/02/24 20:26:17 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2008/02/24 20:26:17 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2008/02/02 00:29:16 | 000,052,224 | ---- | C] () -- C:\Users\Gill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/01/16 17:10:59 | 000,000,732 | ---- | C] () -- C:\Users\Gill\AppData\Local\d3d9caps64.dat [2007/12/24 19:49:52 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2007/12/12 18:45:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007/12/12 18:45:17 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2007/12/12 18:45:15 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/03/12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 13:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2006/11/02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\SysWow64\Declw.dll [1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\Decln.dll ========== LOP Check ========== [2011/05/13 01:10:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\.minecraft [2008/07/22 12:38:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\2K Games [2011/02/28 21:24:24 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Azureus [2009/07/20 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\blinkx [2011/02/28 20:53:04 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\ChemTable Software [2008/06/12 11:35:03 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Command & Conquer 3 Kane's Wrath [2008/08/19 20:02:11 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/02/21 16:40:15 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Dropbox [2011/01/17 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\eBookPro6 [2011/01/17 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\GetRightToGo [2011/06/09 01:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\GlarySoft [2011/05/04 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\PCTools [2009/03/27 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Red Alert 3 [2008/08/12 14:11:03 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Red Alert 3 Beta [2011/02/28 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Registry Mechanic [2008/09/06 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SPORE [2008/09/05 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SPORE Creature Creator [2010/08/03 13:05:22 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SystemRequirementsLab [2011/01/20 22:23:10 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Trusteer [2011/05/04 14:15:16 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\TuneUpMedia [2011/06/12 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Tunngle [2011/02/28 20:33:53 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2011/05/03 22:47:40 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/06/14 12:46:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{947F2976-1144-4A50-B1C3-84F7A01DC0E4}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/01/19 08:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2008/01/16 20:58:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2008/02/24 20:32:53 | 000,009,833 | ---- | M] () -- C:\Cucu_Video_log.txt [2011/06/14 12:33:47 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys [2010/08/03 13:07:54 | 000,012,125 | ---- | M] () -- C:\hs_err_pid5460.log [2008/08/01 17:00:27 | 000,000,102 | ---- | M] () -- C:\LevelParTimes.csv [2011/06/09 20:46:21 | 000,000,000 | ---- | M] () -- C:\MAIN.MIX [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2011/06/14 12:33:46 | 3533,447,168 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/12/23 13:43:08 | 000,171,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wintrust.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2008/06/07 02:42:39 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
- June 14, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Hi, ran that scan you suggested. Got the following report. RogueKiller V5.2.2 [06/05/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version Started in : Normal mode User: Gill [Admin rights] Mode: Scan -- Date : 06/13/2011 02:19:08 Bad processes: 0 Registry Entries: 2 [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND HOSTS File: 127.0.0.1 localhost ::1 localhost 127.0.0.1 007guard.com 127.0.0.1 http://www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 http://www.008k.com 127.0.0.1 00hq.com 127.0.0.1 http://www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 http://www.032439.com 127.0.0.1 1001-search.info 127.0.0.1 http://www.1001-search.info 127.0.0.1 100888290cs.com 127.0.0.1 http://www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 http://www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 http://www.10sek.com [...] Finished : << RKreport[1].txt >> RKreport[1].txt Thanks, Luke.
- June 13, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Managed to get it to work in safe mode. Ran a scan, heres the log. Malwarebytes' Anti-Malware 1.51.0.1200 http://www.malwarebytes.org Database version: 6818 Windows 6.0.6001 Service Pack 1 (Safe Mode) Internet Explorer 8.0.6001.19048 11/06/2011 22:01:55 mbam-log-2011-06-11 (22-01-55).txt Scan type: Full scan (C:\|) Objects scanned: 399213 Time elapsed: 1 hour(s), 4 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Gill\Desktop\Games\stress reducers.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
- June 11, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

The best I was able to do was a quick scan which revealved that there were indeed two infections. Ive still been unable to start the computer in safe mode, but ill keep trying. Ill post the log below. Malwarebytes' Anti-Malware 1.51.0.1200 http://www.malwarebytes.org Database version: 6818 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.19048 11/06/2011 20:47:42 mbam-log-2011-06-11 (20-47-42).txt Scan type: Quick scan Objects scanned: 177193 Time elapsed: 3 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\program files (x86)\registry helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully. Files Infected: c:\program files (x86)\registry helper\Starter.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully. Thanks again, Luke.
- June 11, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Tried a few times, was unable to start in safe mode. The system hung on the black screen that loads when safe mode comes up. The computer is running better than it has ever done in normal mode though.
- June 11, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

I downloaded malwarebytes and ran the scan a couple of times, but it froze each time i tried it. The computer was fine though, and i could just end the task via the task manager. Ill run the scan again and see if it works.
- June 10, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan replied to ljordan's topic in Tech Support & Discussions Forum

Thanks for all your help, the majority of my problems seem to have been fixed using your second suggestion. I have been able to uninstall several programmes, aswell as install a few more. However, my computer still refuses to shut down (I forgot to mention this in the first post), and hangs on the blue shutting down screen. I'm also unable to uninstall or modify certain programmes such as itunes. I'm told that when I try to uninstall some of these programmes that "the windows installer service could not be accessed". Other than that though, all the crashes seem to have been resolved and I'm happy that I can finally install other programmes. If you know of any way to solve the remaining problems, that would be great.
- June 9, 2011
- 21 replies
Series of (most probably) related issues on Vista PC.

ljordan posted a topic in Tech Support & Discussions Forum

Hi all, having quite a few issues with my vista pc, and an currently stumped as to how to solve them. I was unsure whether this is a hardware issue or a software issue, but since i am able to do most of the things in safe mode that I cant do in normal mode, i presumed that it was more likely to be a software issue. Not quite sure where to start so ill just provide a description of my pc and a list of the current problems. Thanks for all the help you might be able to give. PC description - Windows 64 bit operating system Intel quad processer Q6600 2.40 GHz Nvidia 8800 gt Problems - - About 75% of the time the computer will freeze at some point after start up. This usually occurs when i open firefox. It doesnt crash or stop working, the cursor just displays a wheel and I cant click anything in firefox. If i try to click the taskbar, then that freezes and also displays a wheel - I am unable to close any programmes and so have to switch the computer off at the mains. - Of the above 75% of the time, sometimes the computer will freeze completely. By this i mean nothing can be clicked, and the cursor simply displays an arrow. - Of the times when firefox doesnt crash it may work for several hours and simply stop working, making the cursor display a wheel and losing all functionality - Occasionally, no browser will open at all (yet oddly, other programmes seem to work fine) - I am unable to install or uninstall any programme update, or driver. - Upon startup I am notified that several programmes fail to start up, that they have stopped working, or that certain files are missing. These programmes are, apple synch notifier, commondo registry cleaner, occasionally logitech mouse and keyboard (although oddly, my keyboard and mouse still work when this happens). Once again, I assumed that this is something to do with the registry and so belongs in this forum. Note - when i experience none of the problems when i start the computer in safe mode, except for the fact that i cannot use windows installer or install/unistall anything. Ive ran various virus and spyware checks with multiple registry cleaners, spydoctor (full version) and spyware search and destroy - all have come up clean, except for the registry cleaners, which tell me I need to pay to buy a full version to remove all the entries. Ideally, I shouldnt want to reformat my computer unless absolutely necessary, and doing so would be currently impossible since the disk i need to do that is in a different location to where I am. Thats all I can think of at the moment, any help that anyone can give would be welcome as I'm quite a bit out of my depth here. Thanks- Luke.
- June 8, 2011
- 21 replies

Sign In

ljordan

Posts

Joined

Last visited

Tech Info

ljordan's Achievements

Newbie (1/14)

Reputation

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Series of (most probably) related issues on Vista PC.

Browse

Activity

Site Info