Starbuck Posted June 15, 2012
It sure is taking its sweet time.
Yes, a full scan does take quite a long time. From now on you should really only need to run a quick scan... which takes a lot less time. But you were correct in running a full scan to start with. Post both OTL reports whenever you get them.
Member of: UNITE
Shvensk Posted June 15, 2012 Author
Good, finally done. The reports are too long to fit in one reply so here's the first.
[2012/06/15 01:19:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/06/15 01:19:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/06/15 01:19:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/06/15 01:19:40 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/06/15 01:19:40 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/06/15 01:19:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/06/15 01:19:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/06/15 01:19:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/06/15 00:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software [2012/06/13 22:00:36 | 000,000,000 | ---D | C] -- C:\FRST [2012/06/12 12:03:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/06/12 11:45:13 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Malwarebytes [2012/06/12 11:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/08 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\LogMeIn Hamachi [2012/06/08 16:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012/06/08 16:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012/06/07 18:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/06/05 05:18:39 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\ElevatedDiagnostics [2012/06/04 22:55:49 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\LoL_Skin_Installer [2012/06/03 08:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012/05/30 15:22:01 | 000,000,000 | ---D | C] -- C:\dell 
[2012/05/28 09:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012/05/27 09:26:20 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Downloaded Installations [2012/05/27 09:26:16 | 054,359,456 | ---- | C] (Alienware Corp. ) -- C:\Users\Public\Desktop\setup.exe [2012/05/27 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Desktop\Emulator Stuff [2012/05/23 16:45:28 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2 [2012/05/23 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Desktop\Morrowind Stuff [2012/05/18 17:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft 3 [2012/05/17 17:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/17 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime ========== Files - Modified Within 30 Days ========== [2012/06/15 19:46:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/15 14:10:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/06/15 14:10:04 | 000,662,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/15 14:10:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Henrik Lindholm\Desktop\OTL.scr [2012/06/15 14:10:04 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/15 14:10:03 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/06/15 14:07:03 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/06/15 13:48:06 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/15 13:48:06 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/15 13:46:49 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/15 
13:40:50 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/15 13:40:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/15 13:40:19 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys [2012/06/15 03:19:10 | 000,461,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/15 01:26:11 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/06/13 15:14:50 | 000,014,215 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Anime Stub.png [2012/06/11 14:47:31 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/06/08 16:20:27 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012/06/07 18:27:40 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Alienware Command Center.lnk [2012/06/07 18:04:11 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/06/03 08:06:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/06/03 08:06:28 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/05/28 09:51:23 | 000,002,016 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Adobe Reader 9.lnk [2012/05/17 22:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/05/17 21:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/05/17 21:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/05/17 21:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/05/17 21:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/05/17 21:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/05/17 21:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/05/17 18:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/05/17 18:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/05/17 17:54:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2012/06/15 14:10:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/06/15 14:10:09 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/06/13 15:15:06 | 000,014,215 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Anime Stub.png [2012/06/08 16:20:27 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012/06/07 18:27:40 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Alienware Command Center.lnk [2012/06/07 18:04:11 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/28 09:51:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/05/28 09:51:10 | 000,002,016 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Adobe Reader 9.lnk [2012/05/27 09:26:17 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\setup.iss [2012/05/17 17:54:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/03/14 19:32:14 | 000,202,807 | ---- | C] () -- C:\Windows\hpoins18.dat [2012/03/14 19:32:14 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2012/03/11 00:30:25 | 000,005,120 | ---- | C] () -- C:\Users\Henrik 
Lindholm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/29 00:19:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012/02/09 17:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012/02/09 17:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/02/10 12:10:51 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012/06/11 19:22:02 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\.minecraft [2012/06/15 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Azureus [2012/02/09 22:20:27 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\IDT [2012/03/04 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Iminent [2012/05/09 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\JCreator [2012/05/02 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient [2012/05/23 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2 [2012/02/25 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\MoreTerra [2012/02/18 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\PCDr [2012/02/24 01:26:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\RotMG.Production [2012/06/15 01:26:11 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/05/23 16:39:23 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/15 14:07:03 | 000,000,478 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/06/03 08:05:33 | 000,050,989 | ---- | M] () -- C:\aaw7boot.log [2012/06/15 13:40:19 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys [2012/02/02 22:04:20 | 000,028,219 | RH-- | 
M] () -- C:\mfg.sdr [2012/06/15 13:40:23 | 4275,908,607 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/02 21:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/02 21:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/02 21:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) 
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/02 21:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/02 21:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/02 21:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) < End of report >
Shvensk Posted June 15, 2012 Author
And here's the second:
<=====Extras.Txt=====> OTL Extras logfile created on: 6/15/2012 7:40:01 PM - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Henrik Lindholm\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.98 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.08% Memory free 15.96 Gb Paging File | 13.13 Gb Available in Paging File | 82.24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 227.23 Gb Total Space | 124.04 Gb Free Space | 54.59% Space Free | Partition Type: NTFS Computer Name: TORCHWOOD-PC | User Name: Henrik Lindholm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15CC83F6-CAFD-4D75-8B05-06EDB1CFC00F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{20C97085-B3D0-4BAD-B258-599B786FFC86}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{265B9590-A9EF-4C74-80B5-F81938FE5AB3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3ECB41DC-62B9-4649-B145-575FCE71CF19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{42973869-3D7F-4CC9-90B3-BA75961CDAF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4DBC7EED-F2B4-4CB3-B3DC-6C813E8982B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6AB688DA-3F35-48C8-93D6-6E78887E1429}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{932504A9-1E45-4C99-9118-0F2798287171}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9E4F625-0222-4476-9FC6-371E70718498}" = rport=10243 | protocol=6 | dir=out | app=system | "{E1448CBD-95EC-4D7D-B1D1-49CDA3F27BE3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F13EB567-8936-4718-8DE8-ED29BE05FB88}" = lport=10243 | protocol=6 | dir=in | app=system | "{F972AE95-3A1A-4670-9B46-6592BBB3DC56}" = lport=2869 | protocol=6 | dir=in | app=system | "{FDC6EEDE-A289-46F7-BADF-EA764D8DBB28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== 
Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CDD15B-82AB-4EE3-9980-BB8969FA64CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{01D88D64-34F6-49C3-83E3-A4501B61B33A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{040A2E44-FAE0-4D5C-8468-5F17E2322149}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{07923936-885F-44D1-A605-B48D3843E2FB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{093842CC-77D0-40A4-BAA6-E7B881BCB863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{0A807B8D-8A30-48A4-B140-A016E276D13C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\diprip warm up\hl2.exe | "{11942C3F-767E-40F8-B2C0-EEB242DA08BD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{13825BF4-B65F-4814-B0C4-F4BBD55D4826}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1870C9DA-2853-4957-B852-CE61EF181EFD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{1C2028F8-ECE2-4339-A793-F92B5261A841}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\dystopia\hl2.exe | "{1D2934EE-FF89-4720-8D3E-98C0A0DAF816}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{1DE0F840-04BE-4348-BCB7-9BA84ACE237E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{1F578454-2DCA-4F5A-B307-6D44E02D95F3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{244964DE-A524-4F5B-BD18-E46B20FC30F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | 
"{26DB5010-CAD8-46C5-B5EA-CA8CA7C0FD70}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{28E7639B-5B74-4F22-92D7-4E980EF26E48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{2B6BAD67-3C2D-495B-B6A7-C62A045835BE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2C317C1E-7C55-4626-909E-C829525C5213}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{34425503-1A4C-488E-AB3F-35298CCA8723}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{37C9A436-7344-40B3-AC58-FD60F2F69A52}" = protocol=58 | dir=in | app=system | "{3C71FA43-97DB-43AE-BFDF-A8804B119166}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{3CF16458-318B-489D-B773-51281F6C20CB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{3E4B198A-863F-4A3C-B315-7F48853EF81E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3FFFEF9B-45BB-4AB6-8545-BE9972A7B36E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{41C37824-FE10-4777-B2F8-8EB8839D9AE4}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | "{43EC1BC9-05E8-45C2-8A7E-07CD9F293FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe | "{44C07C4D-0504-4947-A340-D63D7B7DE2DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\pirates, vikings, and knights ii\hl2.exe | "{494E5DC4-1ACE-4D94-A58B-A8AC4D40E700}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\diprip warm up\hl2.exe | "{4BB744BE-5817-4B28-89CE-7050F6EF452A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{4EC080C0-2B83-43A0-97F8-16B8738C9901}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\zombie panic! 
source\hl2.exe | "{5815C53F-63BD-4EAE-9213-843236357390}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | "{5ABF6EF8-409D-44EC-B8C8-ABF7C7276721}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{5D3F2B65-5B64-4048-8DD7-77338E4E5130}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{5DD0FBDB-A4A0-488C-974A-F2CDD2008115}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\age of chivalry\hl2.exe | "{5E7F2595-011D-4186-BBED-1BCA5519BA4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{633D8960-5AA6-47F4-BAD2-C67665E80D3B}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{687BFBC6-8DF6-46F2-B2A3-AD995DAB4B2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{6C2A581E-D61F-4E60-9BE0-2B61B33883BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{76002D5A-8E6E-4AF8-B760-4D42DBD19513}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{770A9E19-8E2F-4707-999E-779CB141490F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{78A03AFA-3939-4D49-9F4E-78637922492C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{7BB2B578-36AE-44BD-9A51-4475DECADA38}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe | "{81BBEACE-8E44-4A76-90DD-A88112D8F4C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\pirates, vikings, and knights ii\hl2.exe | "{82E553F2-EB93-46C2-A2B7-02C1099525AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{86BAC962-A3A0-439B-913C-61FA482DC288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\garrysmod\hl2.exe | "{8D079758-9B3B-4397-B15D-C7D829F7C764}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\shvensk\garrysmod\hl2.exe | "{927E9F75-E05D-4110-A056-9581DE3D1820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94A2A56F-5517-4BE2-8F4F-08003E9A35D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{9650E022-B612-44B5-961D-C8D2563CFABF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{9EE555D3-E135-4D68-B40A-721B631B7764}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9EFACF55-F3BE-470F-BE17-FA9AC4382C60}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\dystopia\hl2.exe | "{A0156CBD-9980-485A-81AC-2098816A684E}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{A2223F4B-C88E-4F08-A353-58AE4F378917}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A50A9573-F961-478B-B4D2-2489D8768EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{A54465C3-F559-430D-89DB-15B021F1A27E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{A84B1B94-5041-4970-A247-A37BDEF68BDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{A9123940-4052-41A5-B56D-8B4DD16B19DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\age of chivalry\hl2.exe | "{ABAE2003-A4F1-4E07-A648-2BB969B43EAA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{B1D608B1-7F98-47D8-B9AF-253712AFFC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B1F088B1-8CAD-41B7-A5D8-EFD13F4E11FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{B7145DC6-CA29-4C71-B349-23C9F02FDF5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9B78387-04B4-4850-9788-8FEEFDCA5CE1}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{BF39DBC3-78A1-4B3F-981A-6B57FC4A10D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{BF5A28D5-9B81-4F35-A1F3-D2E60F4E74CA}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{BF8644C2-0D26-47B9-8B6E-985DAA08D550}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{C084BBF9-355B-4496-9264-902909C56751}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{C252D74B-E669-4CBC-8BED-4F0623920E33}" = protocol=6 | dir=out | app=system | "{C29BF6D4-D337-4EF8-ACB2-A09654C38B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\zombie panic! source\hl2.exe | "{C3A78452-A9ED-4F12-8EBD-2C2659447EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C861F421-672B-4812-8278-7A69302ECFF1}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{CD6069CD-5233-4D77-A0FE-011A0DB16209}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{D2017503-CF7A-41EA-A61B-7EDC922C4B2E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D30F1A7B-BF6C-4DC4-8838-97DD7C3F938F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{D4E6AE77-ECD9-4814-B64E-3EA7B9D2A24F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D6EDEBE4-97A2-4CE8-BBCA-DDCC2DE0BCE8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{D9A97EFD-31E8-4946-B96C-A6E0B9F1D439}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{E46C65F4-FF03-4617-BEC4-555C59F9BA23}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E64CC383-2698-48B5-B89E-B184CC5DF4BC}" = protocol=17 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA137BA3-A072-42AF-84FE-1052C1FF7B99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EBAE268A-B6A9-48E5-AE09-C6F1B2DE7F3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF816B80-C938-40D9-9FF3-F0F3E3EDFF7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EFB48089-69A0-4DD8-BB00-8297F1DF3C87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F04B6394-B58F-4487-B6C8-E2051A1B106A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F269546D-B0F5-4EAA-BE82-36537930FF00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{F38EAFB4-302F-4FC6-946E-8ECF03DD3A0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FADBC08D-5986-4A80-86A9-69F127F3063A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{FD6A3F2F-3211-4A01-A70F-844C6EAC7739}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "TCP Query User{5171A5F6-03A2-4A21-918B-DDE1B546B9AA}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "TCP Query User{57A7868C-BE78-4153-99F2-2BB05A04D95A}C:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe | "TCP Query User{57FB8050-025A-4E52-B646-C8F253D35EC0}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "TCP Query User{7283CA54-A430-48DB-A860-9E03629DDA6F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{BA1C01EC-E5FB-40EF-A8C6-8A9DE6B2B215}C:\program files (x86)\starcraft 
ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{CE80B425-62E5-462E-9791-27D27D02A911}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{F14AE821-7871-4193-8ED0-54512B769C38}E:\warcraft 3\war3.exe" = protocol=6 | dir=in | app=e:\warcraft 3\war3.exe | "TCP Query User{F42D7E12-D2C3-4335-A69F-1F2AEEC74C33}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{19AABE17-15AF-4965-AF77-92E13969D2D2}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | "UDP Query User{3C1D98A8-1C40-4DB2-A907-DC763984F216}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{3E602357-7CAE-44CF-9F54-7991336B3A55}C:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\shvensk\team fortress 2\hl2.exe | "UDP Query User{40204A2A-811D-4E8E-9653-108B615175F7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4B45409C-DC3A-4311-91B3-6BA121C99D26}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{AADCD20F-F8D0-477D-8BBC-863297AA7F7C}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query 
User{BCCD35F6-1AA7-4503-9EBD-48A3EBE2A212}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "UDP Query User{FC04DCC0-A6FB-424F-9892-E134806537DB}E:\warcraft 3\war3.exe" = protocol=17 | dir=in | app=e:\warcraft 3\war3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = AlienAutopsy "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A "{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit) "{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 269.03 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 269.03 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 269.03 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "AlienAutopsy" = AlienAutopsy "CCleaner" = CCleaner "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.11 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3 "{26AFAD40-2FF3-4C75-8903-8D403822C289}" = NVIDIA PhysX "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0 "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote 
MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}" = Banctec Service Agreement "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D79113E7-274C-470B-BD46-01B10219DF6A}" = 
HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC "8461-7759-5462-8226" = Vuze "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Advanced Audio FX Engine" = Advanced Audio FX Engine "Google Chrome" = Google Chrome "Guild Wars" = Guild Wars "InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display "InstallShield_{3159717A-8387-426C-96C4-D7B92EDA819A}" = Command Center "InstallShield_{A140A094-942E-4F76-B8F4-850EC146170F}" = Alienware M17x Manual "Integrated Webcam Live! Central" = Integrated Webcam Live! Central "LogMeIn Hamachi" = LogMeIn Hamachi "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "StarCraft II" = StarCraft II "Steam App 105600" = Terraria "Steam App 200210" = Realm of the Mad God "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "Steam App 99900" = Spiral Knights "Vuze_Remote Toolbar" = Vuze Remote Toolbar "WinRAR archiver" = WinRAR 4.11 (32-bit) "Yahoo! Companion" = Yahoo! 
Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/8/2012 11:10:40 AM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/8/2012 2:33:10 PM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/9/2012 10:29:17 AM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/9/2012 11:35:48 AM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/9/2012 12:43:14 PM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/9/2012 6:54:58 PM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/9/2012 6:56:39 PM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/10/2012 12:21:19 AM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/10/2012 12:23:07 AM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = Error - 6/10/2012 12:01:04 PM | Computer Name = Torchwood-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 5/20/2012 3:00:36 PM | Computer Name = Torchwood-PC | Source = bowser | ID = 8003 Description = Error - 5/21/2012 5:31:20 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/21/2012 5:31:50 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/21/2012 4:53:32 PM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 
Error - 5/21/2012 4:54:02 PM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/22/2012 5:11:30 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/22/2012 5:12:00 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/22/2012 3:08:16 PM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/23/2012 6:09:35 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. Error - 5/23/2012 6:10:05 AM | Computer Name = Torchwood-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. < End of report > Quote
Starbuck Posted June 16, 2012

Hi Shvensk

We'll do a general cleanup to start with, but there are startup entries that don't really need to be run at startup. If the general cleanup doesn't sort the slowness, we may have to look at your startup entries.

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, Bit Torrent, Vuze etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

To be honest, this is very typical of 'Gamers'..... and is not good practice.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below.
(make sure that :Otl is on the first line)

:otl
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
O2:64bit: - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/06/03 08:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older versions of Java components and update:

Download the latest version of Java Runtime Environment (JRE) 7 Update 5 and save it to your desktop.
Scroll down to where it says "Java SE 7 Update 5".
Click the "Download JRE" button to the right.
Accept the license agreement.
Select 'Windows x64' from the Platform down arrow.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u5-windows-i586-p.exe to install the newest version.

Step 3

I'd like you to do an ESET OnlineScan.
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

In your next reply, please submit:
Otl fix report
Eset scan report

Thanks
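An added example, not part of Starbuck's post and not OTL's own code: a Python check that reads an OTL "Uninstall List" section and reports which Java entries are older than the release named in Step 2 (7 Update 5). The sample text is constructed from entries in the log posted in this thread; treating registry headers without the `64bit:` prefix as the 32-bit view, and all function names, are assumptions of this sketch.

```python
import re
from collections import namedtuple

# Constructed sample in the layout of OTL's Extras log. OTL prints one
# '"<uninstall subkey>" = <display name>' pair per line; forum software often
# flattens several pairs onto one line, so the parser accepts both layouts.
SAMPLE = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java 7 Update 1 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java 7 Update 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
'''

# Three kinds of token matter: a registry header (optionally prefixed
# "64bit:"), a "========== title ==========" section bar, and the start of a
# '"key" = ' entry. An entry's display name runs up to the next token.
TOKEN = re.compile(
    r'(?P<hdr>(?P<wide>64bit:\s*)?\[HKEY_[^\]\n]+\])'
    r'|(?P<bar>={5,}[^=\n]*={5,})'
    r'|"(?P<key>[^"\n]+)"\s=\s'
)

# Display names such as "Java 7 Update 3" or "Java(TM) 6 Update 31".
JAVA_VERSION = re.compile(r'^Java(?:\(TM\))? (\d+) Update (\d+)\b')

Finding = namedtuple("Finding", "view key name version outdated")


def parse_uninstall_list(text):
    """Yield (view, key, display_name) for entries under an 'Uninstall List' bar.

    Entries in other sections (for example the firewall rules, which use the
    same '"{GUID}" = ...' shape) are skipped.
    """
    matches = list(TOKEN.finditer(text))
    in_list, view = False, None
    for i, m in enumerate(matches):
        if m.group("bar"):
            in_list = "Uninstall List" in m.group("bar")
            view = None
        elif m.group("hdr"):
            # Assumption: an unprefixed header is the 32-bit registry view.
            view = "64bit" if m.group("wide") else "32bit"
        elif in_list and view:
            end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
            yield view, m.group("key"), text[m.end():end].strip()


def audit_java(text, target=(7, 5)):
    """Return a Finding for every uninstall entry whose name starts with 'Java'.

    `version` is (major, update) when the name carries one, else None.
    `outdated` is True/False for versioned entries and None for related
    components (JavaFX, Java Auto Updater) that have no comparable version.
    """
    findings = []
    for view, key, name in parse_uninstall_list(text):
        if not name.startswith("Java"):
            continue
        m = JAVA_VERSION.match(name)
        version = (int(m.group(1)), int(m.group(2))) if m else None
        outdated = (version < target) if version else None
        findings.append(Finding(view, key, name, version, outdated))
    return findings


if __name__ == "__main__":
    for f in audit_java(SAMPLE):
        status = {True: "REMOVE (older than target)",
                  False: "ok",
                  None: "review manually"}[f.outdated]
        print(f"{f.view:5}  {f.name:28}  {status}")
```

Entries reported with no version, such as JavaFX, are left for a manual decision rather than flagged.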
Shvensk Posted June 16, 2012 Author Posted June 16, 2012 (edited) Step 1 Complete: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! 
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\Staging folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus\Definitions folder moved successfully. C:\Program Files (x86)\Ad-Aware Antivirus folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Henrik Lindholm\Desktop\OTL Stuff\cmd.bat deleted successfully. C:\Users\Henrik Lindholm\Desktop\OTL Stuff\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Henrik Lindholm ->Temp folder emptied: 582793 bytes ->Temporary Internet Files folder emptied: 5101791 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 102216526 bytes ->Flash cache emptied: 812 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 47813894 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 183711 bytes RecycleBin emptied: 18990 bytes Total Files Cleaned = 149.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.48.0 log created on 06162012_174432 Files\Folders moved on Reboot... C:\Users\Henrik Lindholm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Regarding Step #2: Would JavaFX 2.0.3 be uninstalled? Edited June 16, 2012 by Shvensk Quote
Starbuck Posted June 17, 2012 Posted June 17, 2012 Would JavaFX 2.0.3 be uninstalled? You can leave that entry if you actually use it. Most people won't need it though. So entirely up to you. Quote Member of:UNITE
Shvensk Posted June 17, 2012 Author Posted June 17, 2012 And here's the log.txt for the ESET Scan: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ef12257446f30244acbfe30496ea778d # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-17 11:50:49 # local_time=2012-06-17 05:50:49 (-0700, Mountain Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 0 91442658 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=179692 # found=1 # cleaned=1 # scan_time=34641 C:\Users\Henrik Lindholm\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Quote
Starbuck Posted June 17, 2012 Posted June 17, 2012 How is the system running now? Any faster? Quote Member of:UNITE
Shvensk Posted June 17, 2012 Author Posted June 17, 2012 (edited) Possibly, but it still isn't going as fast as it was before all the problems arose. EDIT: I just changed to Full Performance (forgot about that), and it seems close to as fast as it used to be. I'll report back once I test it out a little. Edited June 17, 2012 by Shvensk Quote
Starbuck Posted June 17, 2012 Posted June 17, 2012 Ok, thanks for the update. Let me know once you've had time to test everything. Quote Member of:UNITE
Shvensk Posted June 18, 2012 Author Posted June 18, 2012 Ok, I think I've got a general idea of how it's running now. I'd say that it's running at about 70%+ speed, which is still really good. However, if I were to watch a video on Youtube, I notice that at some points the video would slow down. Unlike normal (when it needs to buffer), the actual video starts playing at around half speed. It gets really annoying if it pops up in music videos or the like. So yeah, while it's quite good, there are still some hiccups. Quote
KenB Posted June 18, 2012 Posted June 18, 2012 What speed are you getting from your connection? http://www.zdnet.co.uk/broadband-speedtest/ Take an average of 3 checks Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Shvensk Posted June 18, 2012 Author Posted June 18, 2012 Check 1: 16435 Check 2: 18617 Check 3: 18024 Quote
Starbuck Posted June 18, 2012 Posted June 18, 2012 The entries below aren't really needed to run at startup. They can be started manually if needed. O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () O4 - HKLM..\Run: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) Try this: Click Start >> Run and type in msconfig Then click OK. On the next screen click the Startup tab. Untick those entries above, then click Apply...Ok You will need to reboot the system for the changes to be made. Now see if there's any improvement in the system. If the system does run a lot better, go back and tick the entries one by one ( with a reboot between each) and see which ones make a difference to the running of your system. This will help to identify any startup program that may be causing a lag on your system. If there is no difference, you can just tick all the entries again and continue as you were. Quote Member of:UNITE
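The Run-key entries quoted in the post above can be pulled into structured form before deciding which ones to untick. This is an added example, not part of the original post and not OTL's own code: it parses the O4 lines (reproduced one per line) and flags entries using three heuristics assumed here, where a flag means "look closer" rather than "malicious". The names `parse_o4`, `review` and `SAMPLE` are hypothetical.

```python
import re

# The startup entries quoted in the post above, one OTL "O4" line per entry.
SAMPLE = r"""
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [iminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
"""

# O4[:64bit:] - HIVE..\Key: [value name] file path (company name)
O4_RE = re.compile(
    r"O4(?P<view>:64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)"
    r"(?=\s+O4|\s*$)"
)

def parse_o4(text):
    """Return one dict per O4 startup entry found in text."""
    entries = []
    for m in O4_RE.finditer(text):
        entry = m.groupdict()
        entry["view"] = "64bit" if entry["view"] else "32bit"
        entry["company"] = entry["company"].strip()
        entries.append(entry)
    return entries

def review(entries):
    """Map value name -> reasons to look closer (heuristics assumed for this example)."""
    findings = {}
    for e in entries:
        path, reasons = e["path"].lower(), []
        if not e["company"]:
            reasons.append("no company name in file metadata")
        if not path.endswith(".exe"):
            reasons.append("Run target is not an .exe")
        if not path.startswith((r"c:\program files", r"c:\windows")):
            reasons.append("outside Program Files and Windows")
        if reasons:
            findings[e["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in review(parse_o4(SAMPLE)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The lookahead at the end of the pattern is what lets the path contain `(x86)` without being mistaken for the company field, so the same parser also works when the entries are run together on one line.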
Shvensk Posted June 18, 2012 Author Posted June 18, 2012 Darn, I unticked all the entries that you suggested to untick, but I don't see any difference (I did reboot). Quote
Starbuck Posted June 19, 2012 Posted June 19, 2012 Your internet speed seems ok to me. There's no malware showing in the reports. We've stopped the unnecessary startup items. ????? I'll have to go back through the reports to see if there's any possible software conflict anywhere. At least we've got you up and running again while we look into this. Quote Member of:UNITE
Plastic Nev Posted June 22, 2012 Posted June 22, 2012 Hi, until Starbuck gets chance to look through again, I notice in one report there is some removable memory connected? I assume that is either a flash card or pen drive, and is the drive you used to run the first recovery program, is it still connected? If so, remove it for now and check if doing so improves things. (Don't forget to use the safely remove hardware system, right click on the drive and select "Eject") Also, once Starbuck has reported back, and only after that, I now think there may be a memory problem in the main RAM, again that shows in the reports as being 8GB, how is that arranged, is it four modules of 2GB or some other arrangement? To rule out if there is a problem, it will mean taking all modules or sticks out, clean all contacts with a pencil eraser, then just put one stick back and run the machine. It will be slow, but if no instability, take that one back out, then try another until all sticks have been tried one at a time, hopefully, if a damaged one is present it will show up straight away. Please wait till Starbuck gives us an answer though before proceeding with that. Nev. Quote Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. -------------------------------------------------------------------- I have installed Windows, now how do I install the curtains? 😄
Starbuck Posted June 22, 2012 Posted June 22, 2012 After looking back through the reports I can't see any possible conflicts. There is another program we can run, but let's try Nev's theory out first. At least we'll know if it is a RAM problem then before continuing. Quote Member of:UNITE
Shvensk Posted June 22, 2012 Author Posted June 22, 2012 Just wondering. Is it possible to do that with a laptop? Quote
Plastic Nev Posted June 24, 2012 Posted June 24, 2012 Hi, till now I hadn't realised this was a laptop machine, my bad and should have looked a bit closer at the logs, there are clues there I missed. OK so there should be a small plate underneath, quite often with a chip logo either stamped or moulded into the cover surface, if the RAM is of the removable type it usually slides out. (Power off and battery removed for safety) can you tell us what make and model the laptop is and we can research into how or what needs to be done to access the RAM. Nev. Quote
Shvensk Posted June 24, 2012 Author Posted June 24, 2012 My computer is a Dell Alienware M17x. Quote
Plastic Nev Posted June 24, 2012 Posted June 24, 2012 Hi and thanks for that, yours having 8GB of RAM it looks like there are two 4GB sticks, there is a description of how to access them in this downloadable manual here: http://support.dell.com/support/edocs/systems/M17x/en/mm/mm_en.pdf Give it time to download all of the manual as some other parts of it may be useful to you at some other time, just click the up down keys to change pages. The link goes to page 32, the start of the removal and upgrade sections. Scroll down each page till you get to the one titled "Upgrading/Replacing Memory" you will see from that where the cover is, that it is held on with two small screws and instructions how to remove the two sticks. I suggest removing one, then swapping with the other and run up with just one in at a time. There may be some slowness with one stick in but if there is a fault on one it will possibly be even slower or refuse to run at all. Do please take note of the safety instructions at the start of the section before removing the cover, and disconnect the mains powered supply and the battery, plus any other connections such as ethernet cables or other connections. Nev. Quote
Shvensk Posted June 24, 2012 Author Posted June 24, 2012 Ok, thank you. I will try this later today and see if I can find a fault with one of the RAM sticks. Quote
Plastic Nev Posted June 24, 2012 Posted June 24, 2012 Let us know how that goes please, and if still no change we will go back to Starbuck and see if his other option can work for you. I will let him know if that is the case. Nev. Quote
Shvensk Posted July 8, 2012 Author Posted July 8, 2012 I was on vacation so I didn't have much time, but I finally got down to checking the RAM. I tried using only one RAM stick, first one, then the other, and both of them let me get on and do stuff. I don't think there's a problem with the RAM. Also, I read that RAM usually goes bad over time, and I've had this PC for less than half a year. So yeah, no problem with the RAM. Quote