ljordan Posted June 8, 2011 (edited)

Hi all, having quite a few issues with my Vista PC, and am currently stumped as to how to solve them. I was unsure whether this is a hardware issue or a software issue, but since I am able to do most of the things in safe mode that I can't do in normal mode, I presumed that it was more likely to be a software issue. Not quite sure where to start so I'll just provide a description of my PC and a list of the current problems. Thanks for all the help you might be able to give.

PC description -

Windows 64 bit operating system
Intel quad processor Q6600 2.40 GHz
Nvidia 8800 gt

Problems -

- About 75% of the time the computer will freeze at some point after start up. This usually occurs when I open Firefox. It doesn't crash or stop working, the cursor just displays a wheel and I can't click anything in Firefox. If I try to click the taskbar, then that freezes and also displays a wheel - I am unable to close any programmes and so have to switch the computer off at the mains.
- Of the above 75% of the time, sometimes the computer will freeze completely. By this I mean nothing can be clicked, and the cursor simply displays an arrow.
- Of the times when Firefox doesn't crash it may work for several hours and simply stop working, making the cursor display a wheel and losing all functionality.
- Occasionally, no browser will open at all (yet oddly, other programmes seem to work fine).
- I am unable to install or uninstall any programme update, or driver.
- Upon startup I am notified that several programmes fail to start up, that they have stopped working, or that certain files are missing. These programmes are apple synch notifier, commondo registry cleaner, occasionally logitech mouse and keyboard (although oddly, my keyboard and mouse still work when this happens). Once again, I assumed that this is something to do with the registry and so belongs in this forum.

Note - I experience none of the problems when I start the computer in safe mode, except for the fact that I cannot use Windows Installer or install/uninstall anything.

I've run various virus and spyware checks with multiple registry cleaners, spydoctor (full version) and spyware search and destroy - all have come up clean, except for the registry cleaners, which tell me I need to pay to buy a full version to remove all the entries.

Ideally, I shouldn't want to reformat my computer unless absolutely necessary, and doing so would be currently impossible since the disk I need to do that is in a different location to where I am.

That's all I can think of at the moment, any help that anyone can give would be welcome as I'm quite a bit out of my depth here.

Thanks - Luke.

Edited June 8, 2011 by ljordan
KenB Posted June 8, 2011

Hi and welcome to ExTS

Try "Last Known Good Configuration" from the Advanced Startup options (where you selected Safe Mode from).

If this doesn't solve it....

Boot up.
Start > type in ....msconfig .....ENTER
Click on the Startup tab.
Uncheck everything EXCEPT the AntiVirus and Firewall entries, OK the changes.
Reboot.
Let us know the result.

If this is recent you could try System Restore to a date just prior to the start of your problem.

Also ... Registry Cleaners - NOT a good idea. The Registry is far too complex to entrust to a piece of software. If it deletes the wrong keys your system can be rendered inoperable.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
ljordan Posted June 9, 2011

Thanks for all your help, the majority of my problems seem to have been fixed using your second suggestion. I have been able to uninstall several programmes, as well as install a few more.

However, my computer still refuses to shut down (I forgot to mention this in the first post), and hangs on the blue shutting down screen. I'm also unable to uninstall or modify certain programmes such as iTunes. I'm told that when I try to uninstall some of these programmes that "the windows installer service could not be accessed".

Other than that though, all the crashes seem to have been resolved and I'm happy that I can finally install other programmes. If you know of any way to solve the remaining problems, that would be great.
KenB Posted June 9, 2011

Hi,

Download MBAM from here:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Remember to let it update before you run it. If it finds any malware copy the log and post it here. A removal expert may need to advise further.
ljordan Posted June 10, 2011

I downloaded Malwarebytes and ran the scan a couple of times, but it froze each time I tried it. The computer was fine though, and I could just end the task via the task manager. I'll run the scan again and see if it works.
KenB Posted June 10, 2011

This is a cause for concern as it should run with no problems.

Try it in Safe Mode.
Switch on - constantly tap F8 about once per second.
Select Safe Mode from the list of options.
ljordan Posted June 11, 2011

Tried a few times, was unable to start in safe mode. The system hung on the black screen that loads when safe mode comes up. The computer is running better than it has ever done in normal mode though.
KenB Posted June 11, 2011

You can't run MBAM or access Safe Mode. I think I will ask Starbuck to have a look at this thread and see if it is worthwhile having a security expert advise you further.
ljordan Posted June 11, 2011

The best I was able to do was a quick scan which revealed that there were indeed two infections. I've still been unable to start the computer in safe mode, but I'll keep trying. I'll post the log below.

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6818

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

11/06/2011 20:47:42
mbam-log-2011-06-11 (20-47-42).txt

Scan type: Quick scan
Objects scanned: 177193
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\registry helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\registry helper\Starter.exe (Rogue.RegistryHelper) -> Quarantined and deleted successfully.

Thanks again, Luke.
ljordan Posted June 11, 2011

Managed to get it to work in safe mode. Ran a scan, here's the log.

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6818

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19048

11/06/2011 22:01:55
mbam-log-2011-06-11 (22-01-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 399213
Time elapsed: 1 hour(s), 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Gill\Desktop\Games\stress reducers.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
KenB Posted June 12, 2011

I have sent a PM to Starbuck. He is usually away at weekends so please have a little patience until he gets to you :)
Starbuck (ExTS Admin) Posted June 12, 2011

Thanks for the message Ken.

Hi ljordan

Let's see if this throws up anything:

Download RogueKiller and save it to your desktop.

- Close all the running processes
- Double click RogueKiller icon to run the program
- Vista/Win7 users should right click the icon and select Run as Administrator.
- When prompted, type 1 (SCAN) and then press Enter
- A report will open, please copy and paste this report in your next reply.
- A copy of the RKreport.txt can be found on your desktop.

Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Please post the RKreport.txt in your next reply.

Thanks

Member of: UNITE
ljordan Posted June 13, 2011

Hi, ran that scan you suggested. Got the following report.

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User: Gill [Admin rights]
Mode: Scan -- Date : 06/13/2011 02:19:08

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
::1 localhost
127.0.0.1 007guard.com
127.0.0.1 http://www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 http://www.008k.com
127.0.0.1 00hq.com
127.0.0.1 http://www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 http://www.032439.com
127.0.0.1 1001-search.info
127.0.0.1 http://www.1001-search.info
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 http://www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

Thanks, Luke.
Starbuck (ExTS Admin) Posted June 13, 2011

Hi ljordan

The 2 registry entries found are nothing to worry about. They are to do with shared folders on the system.
The Hosts file looks ok. (All bad links are being redirected to your own system, as it should be.)

There's nothing to suggest the problems you are experiencing.

If you want us to take a closer look for you:

Download OTL to your desktop.
Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

Member of: UNITE
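An added example, not part of the original thread and not code from RogueKiller or OTL: the HOSTS-file check described in the post above (blocklist names pinned to the local machine are expected, names mapped anywhere else deserve a look), written as a small Python audit. The sample file is constructed; its first entries match the report earlier in the thread, while `ads.blocked.example`, `update.vendor.example`, `login.vendor.example`, `broken.example` and the address 203.0.113.10 are placeholders.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class HostsAudit:
    sinkholed: int = 0                              # names pinned to loopback or 0.0.0.0
    redirected: list = field(default_factory=list)  # (line_no, address, hostname)
    malformed: list = field(default_factory=list)   # (line_no, raw line)


def audit_hosts(text: str) -> HostsAudit:
    """Classify every mapping in a HOSTS file.

    A name mapped to a loopback or unspecified address can only resolve to the
    local machine, which is how blocklist-style HOSTS files neutralise unwanted
    domains. A name mapped to any other address overrides DNS for that name and
    is reported for manual review.
    """
    audit = HostsAudit()
    lines = text.lstrip("\ufeff").splitlines()      # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()        # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            audit.malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                         # address with no hostname
            audit.malformed.append((line_no, raw.strip()))
            continue
        for name in fields[1:]:                     # one line may carry several names
            if addr.is_loopback or addr.is_unspecified:
                audit.sinkholed += 1
            else:
                audit.redirected.append((line_no, str(addr), name.lower()))
    return audit


# Constructed sample. Lines 2-6 mirror entries shown in the report in this
# thread; the remaining lines are invented to exercise the other branches.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1 localhost
::1 localhost
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
0.0.0.0 ads.blocked.example
203.0.113.10 update.vendor.example login.vendor.example
not-an-ip broken.example
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"sinkholed names : {result.sinkholed}")
    for line_no, addr, name in result.redirected:
        print(f"REVIEW line {line_no}: {name} -> {addr}")
    for line_no, raw in result.malformed:
        print(f"MALFORMED line {line_no}: {raw}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; an empty `redirected` list corresponds to the "looks ok" verdict given above.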
ljordan Posted June 14, 2011

Ok thanks - the otl.txt file
MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell - "" = AutoRun O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 03:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Gill^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: kdx - hkey= - key= - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) 
MsConfig:64bit - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.) MsConfig:64bit - StartUpReg: NvCplDaemon - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) MsConfig:64bit - StartUpReg: NvMediaCenter - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: NvSvc - hkey= - key= - C:\Windows\SysNative\rundll32.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/06/13 02:19:08 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\RK_Quarantine [2011/06/12 00:52:46 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\allied disk [2011/06/11 23:47:05 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\EA Games [2011/06/09 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\Gill\Desktop\XP_Patch [2011/06/09 20:46:17 | 000,000,000 | ---D | C] -- C:\Games [2011/06/09 20:45:46 | 000,000,000 | ---D | C] -- C:\TBRASetup [2011/06/09 12:28:40 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Malwarebytes [2011/06/09 12:28:27 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/06/09 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/09 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/09 12:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/06/09 05:22:00 | 000,000,000 | ---D | C] -- C:\Users\Gill\Documents\RedAlert1_AlliedDisc [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\WinRAR [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/06/09 02:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/06/09 02:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011/06/09 01:43:30 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/06/09 01:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/06/09 01:27:24 | 000,000,000 | ---D | C] -- C:\Users\Gill\{b82e5b3e-408d-4c0e-b756-9a781c14568b} [2011/06/09 01:08:38 | 000,000,000 | ---D | C] -- C:\Windows\pss 
[2011/06/08 18:44:27 | 000,000,000 | ---D | C] -- C:\Users\Gill\{3fc1cb4a-f134-4f86-ae0f-64cdbd1f84a3} [2011/06/08 18:44:26 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys [2011/06/08 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2011/06/08 17:51:42 | 000,000,000 | ---D | C] -- C:\Users\Gill\{b6f5e937-d964-4e58-9668-db7a533453ff} [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\Gill\Documents\Tunngle [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\Users\Gill\AppData\Roaming\Tunngle [2011/06/08 17:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2011/06/08 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2011/06/08 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2011/06/08 17:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2011/06/07 17:28:16 | 000,000,000 | ---D | C] -- C:\ad8f3568418353640f9dbfa9e559 [2011/05/28 19:12:27 | 000,000,000 | ---D | C] -- C:\a21489a318c8a4277ba932 [2011/05/23 12:53:44 | 000,000,000 | ---D | C] -- C:\8d6501e2b89a5600342a0b24a2c1 [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Gill\Documents\*.tmp files -> C:\Users\Gill\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/14 12:46:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{947F2976-1144-4A50-B1C3-84F7A01DC0E4}.job [2011/06/14 12:40:17 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/14 12:39:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/06/14 12:33:58 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/14 12:33:58 | 000,003,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/14 12:33:57 
| 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/14 12:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/14 12:33:47 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys [2011/06/12 00:19:07 | 000,001,090 | ---- | M] () -- C:\Users\Gill\Desktop\Game - Shortcut.lnk [2011/06/09 20:46:21 | 000,000,000 | ---- | M] () -- C:\MAIN.MIX [2011/06/09 18:41:24 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/06/09 12:28:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/09 01:46:08 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/06/09 01:46:08 | 000,667,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/06/09 01:46:08 | 000,133,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/06/09 01:43:30 | 000,000,828 | ---- | M] () -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/06/09 01:43:30 | 000,000,792 | ---- | M] () -- C:\Users\Gill\Desktop\MagicDisc.lnk [2011/06/09 01:39:59 | 000,000,792 | ---- | M] () -- C:\Users\Gill\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk [2011/06/09 01:39:59 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011/06/08 17:54:45 | 000,293,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/06/07 11:36:45 | 000,000,000 | ---- | M] () -- C:\Users\Gill\AppData\Local\{8D906D26-82F1-4618-960A-0B6BBCD6D0D6} [2011/06/06 21:43:32 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job [2011/06/03 23:09:34 | 000,000,000 | ---- | M] () -- C:\Users\Gill\AppData\Local\{854C6583-12DC-4602-92A6-A88B259211DB} [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [3 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Gill\Documents\*.tmp files -> C:\Users\Gill\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/12 00:19:07 | 000,001,090 | ---- | C] () -- C:\Users\Gill\Desktop\Game - Shortcut.lnk [2011/06/11 22:03:02 | 3219,709,952 | -HS- | C] () -- C:\hiberfil.sys [2011/06/09 20:46:21 | 000,000,000 | ---- | C] () -- C:\MAIN.MIX [2011/06/09 20:36:24 | 654,348,288 | ---- | C] () -- C:\Users\Gill\Desktop\CD1_ALLIED_DISC.ISO [2011/06/09 12:28:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/09 12:28:23 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011/06/09 01:43:30 | 000,000,828 | ---- | C] () -- C:\Users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2011/06/09 01:43:30 | 000,000,792 | ---- | C] () -- C:\Users\Gill\Desktop\MagicDisc.lnk [2011/06/08 18:44:26 | 000,255,552 | ---- | C] () -- C:\Windows\SysNative\drivers\mcdbus.sys [2011/06/08 17:51:29 | 000,031,232 | ---- | C] () -- C:\Windows\SysNative\drivers\tap0901t.sys [2011/06/08 17:51:29 | 000,000,792 | ---- | C] () -- C:\Users\Gill\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk [2011/06/08 17:51:29 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2011/06/07 11:36:45 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{8D906D26-82F1-4618-960A-0B6BBCD6D0D6} [2011/06/03 23:09:34 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{854C6583-12DC-4602-92A6-A88B259211DB} [2011/02/08 01:23:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010/11/12 20:37:43 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2009/09/15 15:57:26 | 000,001,356 | ---- | C] () -- C:\Users\Gill\AppData\Local\d3d9caps.dat [2008/07/22 12:49:04 | 000,000,092 | ---- | C] () -- C:\Users\Gill\AppData\Local\fusioncache.dat [2008/07/22 12:37:29 | 
000,735,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/06/06 16:39:15 | 000,000,976 | ---- | C] () -- C:\Windows\eReg.dat [2008/05/22 23:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008/05/22 23:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008/04/13 12:08:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2008/02/24 20:26:17 | 003,049,984 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2008/02/24 20:26:17 | 000,404,480 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll [2008/02/24 20:26:17 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2008/02/24 20:26:17 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2008/02/02 00:29:16 | 000,052,224 | ---- | C] () -- C:\Users\Gill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/01/16 17:10:59 | 000,000,732 | ---- | C] () -- C:\Users\Gill\AppData\Local\d3d9caps64.dat [2007/12/24 19:49:52 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2007/12/12 18:45:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007/12/12 18:45:17 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2007/12/12 18:45:15 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/03/12 13:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll [2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 13:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2006/11/02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 13:18:17 | 000,673,088 | ---- | C] () -- 
C:\Windows\SysWow64\mlang.dat [2006/11/02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\SysWow64\Declw.dll [1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\Decln.dll ========== LOP Check ========== [2011/05/13 01:10:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\.minecraft [2008/07/22 12:38:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\2K Games [2011/02/28 21:24:24 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Azureus [2009/07/20 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\blinkx [2011/02/28 20:53:04 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\ChemTable Software [2008/06/12 11:35:03 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Command & Conquer 3 Kane's Wrath [2008/08/19 20:02:11 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011/02/21 16:40:15 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Dropbox [2011/01/17 21:57:40 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\eBookPro6 [2011/01/17 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\GetRightToGo [2011/06/09 01:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\GlarySoft [2011/05/04 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\PCTools [2009/03/27 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Red Alert 3 [2008/08/12 14:11:03 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Red Alert 3 Beta [2011/02/28 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Registry Mechanic [2008/09/06 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SPORE [2008/09/05 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SPORE Creature Creator 
[2010/08/03 13:05:22 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\SystemRequirementsLab [2011/01/20 22:23:10 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Trusteer [2011/05/04 14:15:16 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\TuneUpMedia [2011/06/12 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Gill\AppData\Roaming\Tunngle [2011/02/28 20:33:53 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2011/05/03 22:47:40 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/06/14 12:46:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{947F2976-1144-4A50-B1C3-84F7A01DC0E4}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/01/19 08:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2008/01/16 20:58:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2008/02/24 20:32:53 | 000,009,833 | ---- | M] () -- C:\Cucu_Video_log.txt [2011/06/14 12:33:47 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys [2010/08/03 13:07:54 | 000,012,125 | ---- | M] () -- C:\hs_err_pid5460.log [2008/08/01 17:00:27 | 000,000,102 | ---- | M] () -- C:\LevelParTimes.csv [2011/06/09 20:46:21 | 000,000,000 | ---- | M] () -- C:\MAIN.MIX [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2011/06/14 12:33:46 | 3533,447,168 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/12/23 13:43:08 | 000,171,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wintrust.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2008/06/07 02:42:39 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla 
Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/06 06:28:58 | 001,011,768 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/02/22 05:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/22 07:21:12 | 000,638,232 | ---- | M] 
(Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/02/22 06:15:33 | 000,070,656 | ---- | M] () 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/22 07:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate 
Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
ljordan Posted June 14, 2011 Author The extras.txt file. OTL Extras logfile created on: 14/06/2011 12:41:02 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Gill\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.92% Memory free 6.20 Gb Paging File | 3.91 Gb Available in Paging File | 63.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232.88 Gb Total Space | 43.64 Gb Free Space | 18.74% Space Free | Partition Type: NTFS Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: LUKE-PC | User Name: Gill | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 90 44 84 54 3F C8 C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{4174CFCC-49C1-478B-9D83-3F7BE61CBBDF}" = 64-bit MathLink Libraries (6.0.2.1009485)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform 
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player "{5B38B88D-1A17-42A1-A8CB-E784C0E7D242}" = BT Voyager 1055 "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C1F97FD4-1BD9-45BE-A580-0174BBA8B7F5}" = Command & Conquer™ Red Alert™ 3 Beta 
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari "{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Any FLV Player" = Any FLV Player 1.1.3 "Ask Toolbar_is1" = Vuze Toolbar "blinkx beat" = blinkx beat "Browser Defender_is1" = Browser Defender 3.0 "CinemaForge" = CinemaForge "CloneDVD2" = CloneDVD2 "Defcon_is1" = Defcon v1.43 "doubleTwist" = doubleTwist "Download Manager" = Download Manager 2.3.6 "EADM" = EA Download Manager "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Galactic Civilizations II" = Galactic Civilizations II "GanttProject" = GanttProject "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Hamachi" = Hamachi 1.0.3.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 1.12 "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals 
"InstallShield_{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO) "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo "InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "KeepV Flash Converter_is1" = KeepV Flash Converter "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB) "PFPortChecker" = PFPortChecker 1.0.30 "PokerStars" = PokerStars "Rapport_msi" = Rapport "Red Alert 2" = Command & Conquer Red Alert 2 "Registry Mechanic_is1" = Registry Mechanic 10.0 "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition "Spyware Doctor" = Spyware Doctor "StarCraft II" = StarCraft II "StuffPlug3" = StuffPlug 3 "SystemRequirementsLab" = System Requirements Lab "TuneUpMedia" = TuneUp Companion 1.5.9 "Tunngle beta_is1" = Tunngle beta "WinLiveSuite_Wave3" = Windows Live Essentials "WOLAPI" = Westwood Shared Internet Components "WonderWebWare Screen Ruler_is1" = WonderWebWare Screen Ruler 4.0 "Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "3038469762.skyplayer.sky.com" = Sky Player Desktop "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/06/2011 15:36:27 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0 Description = Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source 
= TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

[ Media Center Events ]
Error - 16/04/2008 07:59:16 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 17/04/2008 14:30:20 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 15:37:59 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 21/06/2008 14:57:05 | Computer Name = Luke-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 26/06/2008 17:41:42 | Computer Name = Luke-PC | Source = McrMgr | ID = 109
Description =

[ OSession Events ]
Error - 21/04/2008 18:43:59 | Computer Name = Luke-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11336728 seconds with 4140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/06/2011 19:06:47 | Computer Name = Luke-PC | Source = bowser | ID = 8003
Description =

Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\klmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\klif.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 14/06/2011 07:33:53 | Computer Name = Luke-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:52:55 on 14/06/2011 was unexpected.

Error - 14/06/2011 07:33:55 | Computer Name = Luke-PC | Source = HTTP | ID = 15016
Description =

Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/06/2011 07:34:37 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14/06/2011 07:36:49 | Computer Name = Luke-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error - 14/06/2011 07:41:57 | Computer Name = Luke-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

Thanks again, Luke.

ljordan (Author) Posted June 14, 2011

The extras.txt file.

OTL Extras logfile created on: 14/06/2011 12:41:02 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Gill\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 32.92% Memory free
6.20 Gb Paging File | 3.91 Gb Available in Paging File | 63.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 43.64 Gb Free Space | 18.74% Space Free | Partition Type: NTFS
Drive E: | 623.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LUKE-PC | User Name: Gill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 90 44 84 54 3F C8 C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04454B1B-CEB0-40B1-9EE8-1AD116A120EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{05748618-F2B2-41C9-A392-1BDDF330CA6E}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{12D4D372-8BEC-4660-98A7-D25F08E61A5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2195F25B-4395-4BE1-AE34-9F97CC2CC487}" = rport=10244 | protocol=6 | dir=out | app=system | "{259CEDDB-9102-461C-A974-7A07648CFD1B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{293BC4DF-9451-4214-AAC6-61FFA8440FD8}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{2F21B8B2-09A0-4084-A16C-1F6D6985E7A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FD989A7-25BF-4F23-A734-EE167BF75F23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{30504BA7-11A1-4906-85DE-8257D7E8A2CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{321413CF-056B-4A0E-B779-F62905051F8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D29000A-B3D0-42C4-A0B0-0E0A117990E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{42D45D0B-808C-427E-923E-AD7314601DF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{44648BE1-1992-42E1-8345-68E1263269D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{466182AA-A6CE-4165-9D2B-8BF54459CC1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4822EA0A-5098-4054-A56E-2441FF3D4843}" = rport=2178 | protocol=6 | dir=out | app=system | "{48AB99F2-05DF-4F50-BAA5-3218E604C34D}" = rport=10243 | protocol=6 | dir=out | app=system | "{49884EB7-BC94-4296-ACA1-75C43572D93E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4D2382CD-7F25-4050-A4E5-34FC1D1B6735}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4EA1FD8C-0158-4473-81BE-402D4B53931C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52AC8FD8-22C1-438C-8D21-598AEE90C5F9}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{532F19C5-59C8-4BF4-80E1-ECB2B0021227}" = rport=2869 | protocol=6 | dir=out | app=system | "{5C5872DF-1FB9-4BA7-BC51-239DE3824DE2}" = lport=2869 | protocol=6 | dir=in | app=system | "{6503E575-0F1E-4320-9BAC-22EB3AA0D88F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{78162531-67EC-4E24-95B1-D8848CF2D059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B56CAB2-16C8-4DB9-9DF9-3DECF00F6446}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | "{7BD1431B-49A2-473C-905C-89A950A8AE57}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{86ABD41A-851F-4858-9234-2D0EB8D22F9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A7A8FC1-074A-4A7E-8F6C-16B2DF43A200}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B5002F0-257E-4880-944C-957EA583F2C8}" = rport=10244 | protocol=6 | dir=out | app=system | "{8D4018E7-F85F-4DFA-B638-E461764789D2}" = lport=2178 | protocol=6 | dir=in | app=system | "{922CC534-482D-432C-83F3-1F15B81FA8DE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9AFA6AB0-5EF9-414C-9F7C-8AFEC5DA1129}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{9C2DD3D8-26A4-4516-8B32-D09A54EDE3F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EB94EED-C62E-42EA-A272-BD7EEF6413B6}" = lport=554 | protocol=6 | dir=in | 
app=%systemroot%\ehome\ehshell.exe | "{A186686A-8659-45A4-A42A-6C71E9768685}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A23C5AC4-5DAE-48F4-93CC-D98CE92495B2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{A444F0C9-AE74-4736-87E7-D8CC9EE2CABA}" = lport=10244 | protocol=6 | dir=in | app=system | "{AC05D5AB-F080-4DFF-AFD5-726CBC2AC7F2}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | "{B6263804-1AA3-444E-AD0A-07F6AC9EE6C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B693F5B4-E0CD-43B5-A0C4-89EAE234B9D8}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9DA3941-5B25-472D-A5EB-3FA50F70D9B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C735A5DE-9D30-47F3-A871-BA6D8ADEF495}" = lport=3390 | protocol=6 | dir=in | app=system | "{CBEFE5DA-EDDE-4CD3-B65E-B78EFF915931}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CC5C7EB0-5D8B-4DF8-BC25-87F2B9948ED1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D3B594B4-842A-48B7-9F65-1BE4B7B5F5D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6E5424D-DBBD-47C4-AE45-8F84CF12A466}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7C79722-C539-4F3D-85D0-6D912F7D72C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC45D307-0E3E-4EED-BE36-01935B89ED7B}" = lport=10244 | protocol=6 | dir=in | app=system | "{F0F9FF11-00A4-4169-949D-E24F71CC58F4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{F16159A3-BBA0-4A43-8663-97562524F0A2}" = lport=3390 | protocol=6 | dir=in | app=system | "{F735C835-3CFD-494B-B5CB-9120FEC4D888}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FBB76F75-E4CE-46F6-9255-9DD0038D6B77}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{FCB92B01-D1EF-4FBF-9372-468BB4D6B882}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CBB940-F989-48F6-8C1E-A191EABDD8CB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | "{021A4F6F-0038-4340-98FE-3653A5068023}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{02367ABD-2C9A-402C-BC67-96850EB944BB}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | "{02E55F7F-49BD-47E8-B2DF-3B0C4B31051B}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{09575E6E-82A6-4A0A-A518-1DF873C6943D}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe | "{0AB9DDB0-CB0E-4D68-9D4C-E535857E495D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{0C98B1C7-582F-4B18-8A01-04905B097DB7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{0CBF385A-D6BF-4223-81C2-74C2AD00545E}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{0DEDB192-BFE4-4B4B-A5B3-92407BA7407F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0E2F7BCF-3C2B-49FF-9AC1-D262359CC83D}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{13B853B6-22D5-45FA-B833-29EB914439B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1605CDC1-AED0-47BE-97E6-59B8E66F2E4B}" = protocol=17 | dir=in | 
app=c:\program files (x86)\itunes\itunes.exe | "{17041CF5-69EA-44A4-9361-55944F6C4302}" = protocol=6 | dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{17183E7B-A1B2-4A6A-B137-7E3D084C26C4}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | "{1B56699A-E44F-4E37-87B1-E490C7FC82CA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{1C97B409-87D1-4A16-AB80-B6F1412BC7F3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{22C330ED-2DCB-4AF2-BA44-8EE457C56B91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2A400E37-CB3A-4A67-A4CB-C5C359B95609}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2A62E57B-3044-410B-B861-8D4BDF5FF0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{2C9EC4CC-7C2E-4224-9309-519EBE460CF9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37924BED-A411-46E7-B27B-31A18D57FBCF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3BBCD54E-8031-47B5-8462-3AE17A9461AD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D87CBD6-C735-4A04-8727-C7707EBD0448}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kane's wrath\retailexe\1.1\cnc3ep1.dat | "{41FD1CCF-E44D-49C1-9748-F73704191D11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{466A5363-7D6F-4482-9F1B-5F2B8E6C8335}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A0CCD6F-6975-4C4A-BC5F-B49AB7E0753F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A796959-0ABA-49A2-A59C-1E051DC593DC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4E18708B-476B-4B87-8738-E20D53D3FC6A}" = protocol=17 | 
dir=in | app=c:\users\gill\appdata\roaming\dropbox\bin\dropbox.exe | "{56E3D0A3-60FC-4CB3-A67E-A68F597CB3CB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5935A222-2389-46BD-AFAC-70EC1A7FF906}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{5A21D8F7-93C0-47D9-A023-3136477E0D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{5E6F57F0-B445-4305-A225-3FC7531E60C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6522F94F-8622-49B5-869A-5CBA57B17084}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6A0B1A39-9E12-4CBA-A057-9E91F6534D2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AFCD639-CDCE-4DF3-B590-B561618CA1A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C1DDB6C-C780-4B5D-92F7-D98D3898E08D}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe | "{6C56F9DB-E8FB-4750-A674-96DCDECEA72D}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{71BFABA4-FD76-4C82-91B3-A430DA49F3D8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{744E3F08-3DD6-4531-B48F-CAB7805A410E}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{753F21DA-F1D1-40C1-95EC-133222216855}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{766C9972-5B3B-4685-ACC0-4C586904DF52}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{775B6153-0213-402C-A064-12861702B545}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{77C5FBD1-8CAC-483C-9EB7-4B169BFFD080}" = protocol=17 | dir=in | app=c:\users\gill\appdata\roaming\2k games\firaxis games\sid meier's 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{4174CFCC-49C1-478B-9D83-3F7BE61CBBDF}" = 64-bit MathLink Libraries (6.0.2.1009485)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO)
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{5B38B88D-1A17-42A1-A8CB-E784C0E7D242}" = BT Voyager 1055
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C1F97FD4-1BD9-45BE-A580-0174BBA8B7F5}" = Command & Conquer™ Red Alert™ 3 Beta
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}" = Starship Troopers
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any FLV Player" = Any FLV Player 1.1.3
"Ask Toolbar_is1" = Vuze Toolbar
"blinkx beat" = blinkx beat
"Browser Defender_is1" = Browser Defender 3.0
"CinemaForge" = CinemaForge
"CloneDVD2" = CloneDVD2
"Defcon_is1" = Defcon v1.43
"doubleTwist" = doubleTwist
"Download Manager" = Download Manager 2.3.6
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Galactic Civilizations II" = Galactic Civilizations II
"GanttProject" = GanttProject
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.12
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{389E2A0A-403D-4DDC-B2FA-269D26999395}" = Universe at War Earth Assault (DEMO)
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"KeepV Flash Converter_is1" = KeepV Flash Converter
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"PFPortChecker" = PFPortChecker 1.0.30
"PokerStars" = PokerStars
"Rapport_msi" = Rapport
"Red Alert 2" = Command & Conquer Red Alert 2
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Spyware Doctor" = Spyware Doctor
"StarCraft II" = StarCraft II
"StuffPlug3" = StuffPlug 3
"SystemRequirementsLab" = System Requirements Lab
"TuneUpMedia" = TuneUp Companion 1.5.9
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"WonderWebWare Screen Ruler_is1" = WonderWebWare Screen Ruler 4.0
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"3038469762.skyplayer.sky.com" = Sky Player Desktop
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2011 15:36:27 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =
Error - 12/06/2011 15:36:56 | Computer Name = Luke-PC | Source = TnglCtrl.exe | ID = 0
Description =

[ Media Center Events ]
Error - 16/04/2008 07:59:16 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 17/04/2008 14:30:20 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 25/05/2008 15:37:59 | Computer Name = Luke-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 21/06/2008 14:57:05 | Computer Name = Luke-PC | Source = Mcx2Dvcs | ID = 401
Description =
Error - 26/06/2008 17:41:42 | Computer Name = Luke-PC | Source = McrMgr | ID = 109
Description =

[ OSession Events ]
Error - 21/04/2008 18:43:59 | Computer Name = Luke-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11336728 seconds with 4140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/06/2011 19:06:47 | Computer Name = Luke-PC | Source = bowser | ID = 8003
Description =
Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\klmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 14/06/2011 07:33:44 | Computer Name = Luke-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\klif.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 14/06/2011 07:33:53 | Computer Name = Luke-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:52:55 on 14/06/2011 was unexpected.
Error - 14/06/2011 07:33:55 | Computer Name = Luke-PC | Source = HTTP | ID = 15016
Description =
Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 14/06/2011 07:34:21 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14/06/2011 07:34:37 | Computer Name = Luke-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14/06/2011 07:36:49 | Computer Name = Luke-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Error - 14/06/2011 07:41:57 | Computer Name = Luke-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

Thanks again, Luke.
ExTS Admin Starbuck Posted June 14, 2011 ExTS Admin Posted June 14, 2011 Hi ljordan Thanks for the OTL reports, they do suggest a little work. P2P Warning Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Vuze, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme. Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections. You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you. I see there is still traces of Kaspersky security on the system. The error reports also show problems with this, we'll remove the leftover items along with a few other registry entries. Step 1 Recommendation. As you have Pc Tools security, Rapport and Windows Defender.... Spybot Search & Destroy is not needed. 
( it may even conflict) Most 'Helpers' don't even recommend it any more. I suggest you uninstall it. You have the Ask toolbar installed: (installed under the name of Vuze Toolbar) Please read this and decide if you want to uninstall it. http://www.benedelman.org/spyware/ask-toolbars/ Step 2 Double click on OTL to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :otl DRV - (Klmc) -- C:\Windows\SysWOW64\drivers\klmc.sys (Kaspersky Lab) DRV - (Klif) -- C:\Windows\SysWOW64\drivers\klif.sys (Kaspersky Labs) DRV - (Klin) -- C:\Windows\System32\drivers\klin.sys (Kaspersky Labs) DRV - (Klick) -- C:\Windows\System32\drivers\klick.sys (Kaspersky Labs) [2011/05/04 13:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Reg Error: Key error.) 
O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell - "" = AutoRun
O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell\AutoRun\command - "" = E:\autorun.exe -- [1999/02/03 03:02:00 | 000,167,936 | R--- | M] (Indigo Rose Corporation)
[2011/06/07 11:36:45 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{8D906D26-82F1-4618-960A-0B6BBCD6D0D6}
[2011/06/03 23:09:34 | 000,000,000 | ---- | C] () -- C:\Users\Gill\AppData\Local\{854C6583-12DC-4602-92A6-A88B259211DB}
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 26 and save it to your desktop.
Scroll down to where it says "Java SE 6 Update 26".
Click the "Download JRE" button to the right.
Accept the license agreement.
Select 'Windows x64' offline (for a 64 bit system) from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Java 6 Update 14
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7

Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version.

In your next reply, please submit:
Otl fix report
and let me know if there's been any improvement in the system.

Thanks.

Member of: UNITE
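An added example, not part of the original post and not OTL's own code: a small Python triage of fix-script lines in the shape shown in the post above, sorting them into drivers, orphaned registry references, AutoRun mount points and alternate data streams. The line grammar is inferred from the lines in the post, and the category names and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Lines copied unchanged from the fix script in the post above (a subset).
SAMPLE = r'''DRV - (Klif) -- C:\Windows\SysWOW64\drivers\klif.sys (Kaspersky Labs)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O33 - MountPoints2\{549fe2b5-9230-11e0-a913-0011f57695d8}\Shell - "" = AutoRun
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
'''

# Patterns inferred from the post's lines; assumptions, not an OTL specification.
DRV = re.compile(r"^DRV - \((?P<name>[^)]*)\) -- (?P<path>.+?\.sys)\b")
SECTION = re.compile(r"^O(?P<num>\d+) - (?P<body>.+)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")

def triage_line(line):
    """Classify one fix-script line into a coarse review category."""
    if m := DRV.match(line):
        return {"kind": "driver", "name": m["name"], "path": m["path"]}
    if m := ADS.match(line):
        # The stream name follows the last colon; the drive colon comes earlier.
        host, _, stream = m["target"].rpartition(":")
        return {"kind": "ads", "file": host, "stream": stream, "size": int(m["size"])}
    if m := SECTION.match(line):
        body, guid = m["body"], GUID.search(m["body"])
        if m["num"] == "33" and "MountPoints2" in body:
            kind = "autorun-mountpoint"   # per-volume AutoRun handler
        elif any(marker in body for marker in ORPHAN_MARKERS):
            kind = "orphan-registry"      # entry points at nothing on disk
        else:
            kind = "registry"             # live entry, needs a human decision
        return {"kind": kind, "section": "O" + m["num"],
                "guid": guid.group(0) if guid else None}
    return {"kind": "other", "text": line}

def triage(text):
    """Classify every non-empty line of a pasted fix script or log excerpt."""
    return [triage_line(l.strip()) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    rows = triage(SAMPLE)
    print(Counter(r["kind"] for r in rows))
    for r in rows:
        print(r)
```

Entries classed as orphan-registry are the low-risk removals; a plain registry entry such as the Hotspot Shield BHO still points at a real file, so removing it is a judgement call rather than cleanup.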
ljordan (Author) Posted June 15, 2011

My computer has taken a turn for the worse. Since my last post I've been attempting to fix Windows installer by installing the 4.5 update. I don't know what I've done but now I'm unable to boot my computer at all. Doing so results in it loading a black screen in which I can only use the cursor and nothing else. Computer won't boot in safe mode and I'm unable to choose a last known config option. Sadly I won't be able to access the Vista disk until next week so I'm at a loss as to what to do. I'm thus unable to attempt any of the suggestions above due to this problem.
ljordan (Author) Posted June 15, 2011

Oh I also typed some things into the run box on the recommendation of others. Not sure of everything I typed, but definitely MSIExec.exe and some other things like it. Quite a frustrating experience so far. Any help you can lend is appreciated.
ExTS Admin Starbuck Posted June 15, 2011

Hi ljordan

"I also typed some things into the run box on the recommendation of others. Not sure of everything I typed, but definitely MSIExec.exe and some other things like it."

MsiExec.exe is the executable program of the Windows Installer. What were others recommending that made you type something into the run box? If you just typed MsiExec.exe, it would have just tried to run the installer... it wouldn't have caused any problem. Unless you added something else in as well as that?

Member of: UNITE
ljordan (Author) Posted June 15, 2011

I think I typed in net start MSIServer and then possibly msexec /reserver. I just reseated everything too on the recommendation of a friend and no improvement has been made. It seems odd that the last known config option isn't available on the boot menu.