mackay55 Posted April 16, 2013
When I click on the Control Panel and click on Programs or anything else, it just freezes. I have a Packard Bell ipower g5800. Any help would be appreciated.
KenB Posted April 16, 2013
Hi and welcome to ExTS.
Try a System Restore. Click on Start (bottom left) > type in "system restore" > ENTER.
Follow the screen prompts and select a date just prior to the start of your problem. Files / photos / data etc. will be fine. You will need to re-install software and updates that were installed after the selected date.
There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
mackay55 Author Posted April 17, 2013
I tried, but it said no restore points have been created on your computer's system drive.
seedy21 Posted April 17, 2013
Hi Mackay55
Maybe it would be a good idea to run a quick virus scan to rule out malware.
Please download Malwarebytes' Anti-Malware.
Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Full Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
“It's only after we've lost everything that we're free to do anything.” ― Chuck Palahniuk, Fight Club
Need help with your computer problems? Then why not join Free PC Help. Register here. If Free PC Help has helped you then please consider a donation. Click here. We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Plastic Nev Posted April 17, 2013
Edit: Seedy got there while I was writing; please follow his suggestions first if possible, then look at this post and let us know.
Hi, sorry but a few questions. Firstly, how old is the computer, or when did you get it? Secondly, when did the problem start? Thirdly, do you have Windows updates set to automatic, or turned off altogether?
The time the problem started and the Windows updates questions may be important, as Microsoft in their wisdom issued a bad update recently which caused problems on some computers that have an as yet unknown software installed. So if the problem is recent, and within the last two weeks, let us know as near as possible the date it happened.
Nev.
I have installed Windows, now how do I install the curtains? 😄
mackay55 Author Posted April 17, 2013
I have had my PC for 3-4 years now. The problem started like 4-6 months ago. I also have another problem: when trying to open some programs or games, they don't load up, but they are in the Task Manager in Processes. I did the scan; it found two things.
KenB Posted April 18, 2013
Hi
[in MBAM] Click on Logs > open the latest (it will open in Notepad) > copy this and post it here please.
mackay55 Author Posted April 18, 2013
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.04.17.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
david :: DAVID-PC [administrator]

Protection: Enabled

17/04/2013 22:48:33
mbam-log-2013-04-17 (22-48-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 505062
Time elapsed: 1 hour(s), 16 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\david\Downloads\Skype_Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

(end)
KenB Posted April 18, 2013
There doesn't look too much to be concerned about - I will ask one of our security experts ......just in case :)
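A way to triage a Malwarebytes 1.x log like the one posted above, as an added example that is not part of the original thread or of any Malwarebytes tooling. The function names, the note wording and the rule that only the "successfully" action text counts as a confirmed removal are assumptions made for this sketch; the sample is the detection part of the posted log, laid out one entry per line.

```python
import re

# Detection sections of the MBAM 1.75 log posted above, abridged and laid out
# one entry per line as the tool writes it.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\david\Downloads\Skype_Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section; items look like
# "<object> (<threat name>) -> <action taken>."
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
IFEO_MARKER = "\\image file execution options\\"


def parse_mbam_log(text):
    """Return (declared, detections): per-section counts and the listed items."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line) if section else None
        if item:
            detections.append({"section": section, **item.groupdict()})
    return declared, detections


def triage(declared, detections):
    """Annotate each detection and list sections whose item count is off."""
    findings, seen = [], {}
    for det in detections:
        seen[det["section"]] = seen.get(det["section"], 0) + 1
        notes = []
        if det["threat"].upper().startswith(("PUP.", "PUM.")):
            notes.append("PUP/PUM class: potentially unwanted, not flagged as malware")
        if IFEO_MARKER in det["object"].lower():
            notes.append("IFEO key: a Debugger value here replaces the program at launch")
        # Assumption: only the "successfully" wording seen in the posted log
        # counts as a confirmed removal; anything else needs a follow-up scan.
        if "successfully" not in det["action"].lower():
            notes.append("removal not confirmed")
        name = det["object"].rsplit("\\", 1)[-1]
        findings.append((name, det["threat"], notes))
    # A header count that disagrees with the listed items means a cut-off paste.
    mismatched = sorted(s for s, n in declared.items() if seen.get(s, 0) != n)
    return findings, mismatched


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    findings, mismatched = triage(declared, detections)
    for name, threat, notes in findings:
        print(f"{name:18} {threat:16} {'; '.join(notes) or 'no extra notes'}")
    print("sections with missing or extra items:", mismatched or "none")
```

The count check is useful on forum pastes, where a log copied out of Notepad is easily cut short without anyone noticing.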
Starbuck Posted April 18, 2013
Hi mackay55
Let's take a better look, just in case.
Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thanks
Member of: UNITE
mackay55 Author Posted April 18, 2013
OTL logfile created on: 18/04/2013 21:30:02 - Run 1 OTL by OldTimer - Version 3.2.69.0
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\desura.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\desura_uninstaller.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\eprojmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27:64bit: - HKLM IFEO\greg.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\desura.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\desura_uninstaller.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\eprojmanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\greg.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e9296d33-d2a0-11e1-a17c-4487fcab2060}\Shell - "" = AutoRun O33 - MountPoints2\{e9296d33-d2a0-11e1-a17c-4487fcab2060}\Shell\AutoRun\command - "" = F:\iLinker.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - State: "services" - Reg Error: Key error. 
========== Files/Folders - Created Within 30 Days ========== [2013/04/17 22:44:37 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Malwarebytes [2013/04/17 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/17 22:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/17 22:44:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/17 22:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/17 22:44:05 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\Programs [2013/04/16 00:56:48 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/16 00:56:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/16 00:56:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/16 00:56:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/16 00:56:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/16 00:56:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/16 00:56:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/16 00:56:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/16 00:56:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/16 00:56:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/16 00:56:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/16 00:56:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/16 00:56:47 | 
000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/16 00:56:47 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/16 00:56:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/16 00:56:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/16 00:56:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/16 00:56:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/16 00:56:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/16 00:56:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/16 00:56:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/16 00:56:46 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/16 00:56:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/16 00:56:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/16 00:56:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/16 00:56:46 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/16 00:56:46 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/16 00:56:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/16 00:56:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/16 00:56:46 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/16 00:56:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\dxtmsft.dll [2013/04/16 00:56:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/16 00:56:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/16 00:56:46 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/04/16 00:56:46 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/16 00:56:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/16 00:56:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/16 00:56:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/16 00:56:46 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/04/16 00:56:46 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/16 00:56:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/16 00:56:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/16 00:56:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/16 00:56:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/16 00:56:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/16 00:56:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/16 00:56:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/04/16 00:56:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/16 00:56:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/16 00:56:46 | 000,039,936 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/16 00:56:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/16 00:56:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/16 00:56:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/16 00:56:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/16 00:56:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/16 00:56:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/16 00:56:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/16 00:56:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/16 00:56:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/16 00:56:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/16 00:56:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/16 00:56:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/16 00:56:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/04/16 00:56:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/16 00:56:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/16 00:56:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/16 00:56:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/16 00:56:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe 
[2013/04/15 21:52:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/04/15 19:38:15 | 000,000,000 | ---D | C] -- C:\Windows\en-gb [2013/04/15 19:38:07 | 000,000,000 | ---D | C] -- C:\Windows\en [2013/04/15 19:37:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2013/04/15 19:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013/04/15 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013/04/14 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura [2013/04/14 14:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura [2013/04/14 14:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura [2013/04/13 01:13:59 | 000,035,792 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe [2013/04/13 01:13:58 | 000,027,088 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll [2013/04/13 01:13:58 | 000,022,480 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll [2013/04/13 01:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp [2013/04/13 01:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013/04/13 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\AVG [2013/04/13 00:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013/04/13 00:48:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/04/13 00:48:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/04/12 20:26:30 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Roaming\Tific [2013/04/12 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\Symantec [2013/04/12 18:53:15 | 000,000,000 | ---D | C] -- C:\Users\david\AppData\Local\SWTORPerf [2013/04/10 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\david\Documents\Mount&Blade Warband Savegames [2013/04/10 20:02:44 | 
000,000,000 | ---D | C] -- C:\Users\david\Documents\Mount&Blade Warband [2013/04/09 18:46:48 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/09 18:46:47 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/09 18:46:46 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/09 18:46:45 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/09 18:46:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/09 18:46:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/03/26 18:01:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/25 23:33:35 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013/03/25 23:33:35 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013/03/25 23:33:35 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013/03/25 23:33:35 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013/03/25 23:33:35 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013/03/25 23:33:35 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013/03/25 23:33:34 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013/03/25 23:33:33 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013/03/25 23:33:33 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013/03/25 23:33:33 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013/03/25 23:33:33 | 000,248,672 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\d3dx11_43.dll [2013/03/25 23:33:32 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013/03/25 23:33:32 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013/03/25 23:33:32 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013/03/25 23:33:30 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013/03/25 23:33:30 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013/03/25 23:33:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013/03/25 23:33:30 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013/03/25 23:33:30 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013/03/25 23:33:30 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013/03/25 23:33:29 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013/03/25 23:33:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\david\Documents\*.tmp files -> C:\Users\david\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/18 21:27:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/18 21:25:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2050934482-116919376-2043438584-1000UA.job [2013/04/18 21:17:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/18 21:09:20 | 000,018,736 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/18 21:09:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/18 21:02:07 | 000,001,942 | ---- | M] () -- C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk [2013/04/18 21:01:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/18 21:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/18 00:24:32 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/18 00:24:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/17 22:44:32 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/17 18:40:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2050934482-116919376-2043438584-1000Core.job [2013/04/16 00:56:48 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013/04/16 00:56:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013/04/16 00:56:48 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013/04/16 00:56:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013/04/16 00:56:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013/04/16 00:56:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013/04/16 00:56:48 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013/04/16 00:56:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013/04/16 
00:56:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/16 00:56:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/04/16 00:56:47 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/16 00:56:47 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/16 00:56:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/16 00:56:47 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013/04/16 00:56:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013/04/16 00:56:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013/04/16 00:56:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/04/16 00:56:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013/04/16 00:56:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013/04/16 00:56:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013/04/16 00:56:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013/04/16 00:56:46 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/16 00:56:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/16 00:56:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013/04/16 00:56:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013/04/16 00:56:46 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013/04/16 00:56:46 | 000,762,368 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013/04/16 00:56:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013/04/16 00:56:46 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/16 00:56:46 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/16 00:56:46 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013/04/16 00:56:46 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013/04/16 00:56:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013/04/16 00:56:46 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013/04/16 00:56:46 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/16 00:56:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/16 00:56:46 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013/04/16 00:56:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013/04/16 00:56:46 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013/04/16 00:56:46 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013/04/16 00:56:46 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013/04/16 00:56:46 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/16 00:56:46 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/04/16 00:56:46 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013/04/16 00:56:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013/04/16 00:56:46 | 
000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/04/16 00:56:46 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013/04/16 00:56:46 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/04/16 00:56:46 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/04/16 00:56:46 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/04/16 00:56:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/04/16 00:56:46 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013/04/16 00:56:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/16 00:56:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/16 00:56:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013/04/16 00:56:45 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/16 00:56:45 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/16 00:56:45 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/16 00:56:45 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/16 00:56:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013/04/16 00:56:45 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/04/16 00:56:45 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013/04/16 00:56:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013/04/16 00:56:45 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013/04/16 00:56:45 | 
000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013/04/16 00:56:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013/04/16 00:56:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013/04/16 00:56:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013/04/16 00:56:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013/04/16 00:56:45 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013/04/15 21:52:43 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/04/15 21:50:00 | 000,001,349 | ---- | M] () -- C:\Users\david\Desktop\PAYSLIP_BALGB0027D201301001 - Shortcut.lnk [2013/04/15 21:24:07 | 000,792,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/15 21:24:07 | 000,673,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/15 21:24:07 | 000,129,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/15 20:17:12 | 000,007,601 | ---- | M] () -- C:\Users\david\AppData\Local\Resmon.ResmonCfg [2013/04/14 13:41:51 | 000,000,024 | ---- | M] () -- C:\Users\david\random.dat [2013/04/14 13:32:51 | 000,000,040 | ---- | M] () -- C:\Users\david\jagex_cl_runescape_LIVE.dat [2013/04/13 10:47:50 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\Crysis Wars® Updates.job [2013/04/13 01:13:58 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk [2013/04/13 01:13:58 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013/04/11 20:40:42 | 000,000,220 | ---- | M] () -- C:\Users\david\Desktop\Rome Total War.url [2013/04/10 19:25:38 | 000,000,221 | ---- | M] () -- C:\Users\david\Desktop\Mount & Blade Warband.url [2013/04/10 17:04:37 | 000,449,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/04 14:50:32 | 000,025,928 | ---- | 
M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Users\david\Documents\*.tmp files -> C:\Users\david\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/17 22:44:32 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/16 00:56:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013/04/16 00:56:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013/04/15 21:52:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/04/15 21:52:43 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/04/15 21:50:00 | 000,001,349 | ---- | C] () -- C:\Users\david\Desktop\PAYSLIP_BALGB0027D201301001 - Shortcut.lnk [2013/04/15 20:17:12 | 000,007,601 | ---- | C] () -- C:\Users\david\AppData\Local\Resmon.ResmonCfg [2013/04/15 19:38:05 | 000,001,277 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013/04/15 19:37:57 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013/04/15 19:37:34 | 000,002,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013/04/13 01:13:58 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk [2013/04/13 01:13:58 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2013/04/13 01:13:41 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2013/04/11 20:40:42 | 000,000,220 | ---- | C] () -- C:\Users\david\Desktop\Rome Total War.url [2013/04/10 19:25:38 | 000,000,221 | ---- | C] () -- C:\Users\david\Desktop\Mount & Blade 
< End of report >
mackay55 Posted April 18, 2013 Author OTL Extras logfile created on: 18/04/2013 21:50:22 - Run 1 OTL by OldTimer - Version 3.2.69.0
Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver "Dell V310-V510 Series" = Dell V310-V510 Series "EPSON XP-102 103 Series" = EPSON XP-102 
103 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar "{0C3B3058-F1DB-4E51-8115-AD06825EE1C5}" = Razer Naga Epic Firmware Updater "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{294A2E0E-3A0B-4D1F-8282-11DEF2040227}" = InstallIQ Updater "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = 
Update Installer for WildTangent Games App "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger "{37F79672-76E1-11D6-B2FB-0002A5E32BEF}" = BVHE-Beauty and the Beast Magical Ballroom "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars® "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5BF6D4DE-C915-44C4-9176-AF6D3B27052F}" = XP500 Advanced Sound Editor "{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery "{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games) 
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD® "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{88F84936-8445-438D-A5E5-E3DA61A22A30}" = Windows Live Family Safety "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8af0a855-8811-42b5-8f56-a9f856b2bf75}" = Nero 9 Essentials "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker "{8F4D359D-99E3-4158-8BD4-7F9512E67391}" = Windows Live Writer Resources "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social 
Connector Provider for Windows Live Messenger 32-bit "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{9971EC43-AB05-48B9-9BA2-5DBE0A42191B}" = Windows Live Writer "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator 
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F2409431-8B8C-4256-A97E-9138EBA34DC9}" = Windows Live Mail "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US) "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "ArtMoney SE_is1" = ArtMoney SE v7.38 "AVG PC TuneUp" = AVG PC TuneUp "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2 "Belarc Advisor" = Belarc Advisor 8.3 "Company of Heroes" = Company of Heroes "Crysis WARHEAD®" = Crysis WARHEAD® "Crysis Wars®" = Crysis Wars® "Desura" = Desura "Diablo III" = Diablo III "EADM" = EA Download Manager "EPSON Scanner" = EPSON Scan "EPSON XP-102 103 Series Useg" = User's Guide EPSON XP-102 103 Series "GoToAssist" = GoToAssist Corporate "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "Intelli-studio" = SAMSUNG Intelli-studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "N360" = Norton 360 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "PunkBusterSvc" = PunkBuster Services "Steam App 10500" = Empire: Total War "Steam App 20570" = Warhammer® 40,000â„¢: Dawn of War® II – Chaos Risingâ„¢ "Steam App 207890" = Football Manager 2013 "Steam App 219640" = Chivalry: Medieval Warfare "Steam App 34030" = Napoleon: Total War "Steam App 47400" = Stronghold 3 "Steam App 4760" = Rome: Total 
========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15/04/2013 19:56:13 | Computer Name = david-PC | Source = VSS | ID = 8193 Description = Error - 15/04/2013 19:56:13 | Computer Name = david-PC | Source = System Restore | ID = 8193 Description = Error - 15/04/2013 19:57:20 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:57:20 | Computer Name = david-PC | Source = VSS | ID = 12292 Description = Error - 15/04/2013 19:57:46 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:57:46 | Computer Name = 
david-PC | Source = VSS | ID = 12292 Description = Error - 15/04/2013 19:58:09 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:58:09 | Computer Name = david-PC | Source = VSS | ID = 12292 Description = Error - 17/04/2013 15:49:07 | Computer Name = david-PC | Source = Application Hang | ID = 1002 Description = The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1394 Start Time: 01ce3ba470653b1f Termination Time: 15 Application Path: C:\Windows\system32\rundll32.exe Report Id: Error - 17/04/2013 17:46:59 | Computer Name = david-PC | Source = Application Hang | ID = 1002 Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15c8 Start Time: 01ce3bb4d6c266a5 Termination Time: 3 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 44642a64-a7a8-11e2-b6ed-4487fcab2060 [ System Events ] Error - 18/04/2013 07:20:17 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 07:31:15 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 12:33:31 | Computer Name = david-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect. 
Error - 18/04/2013 12:33:31 | Computer Name = david-PC | Source = Service Control Manager | ID = 7000 Description = The dleaCATSCustConnectService service failed to start due to the following error: %%1053 Error - 18/04/2013 12:39:07 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 12:40:42 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 16:01:47 | Computer Name = david-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect. Error - 18/04/2013 16:01:47 | Computer Name = david-PC | Source = Service Control Manager | ID = 7000 Description = The dleaCATSCustConnectService service failed to start due to the following error: %%1053 Error - 18/04/2013 16:07:16 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 16:18:18 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = < End of report >
mackay55 Posted April 18, 2013 Author Posted April 18, 2013 OTL Extras logfile created on: 18/04/2013 21:50:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\david\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 7.99 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 65.40% Memory free 15.98 Gb Paging File | 12.96 Gb Available in Paging File | 81.09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 689.45 Gb Total Space | 476.10 Gb Free Space | 69.06% Space Free | Partition Type: NTFS Drive D: | 689.71 Gb Total Space | 689.60 Gb Free Space | 99.98% Space Free | Partition Type: NTFS Computer Name: DAVID-PC | User Name: david | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
= lport=2869 | protocol=6 | dir=in | app=system | "{B5630E59-BC8F-4506-86FE-CF950BC82002}" = rport=445 | protocol=6 | dir=out | app=system | "{B587AD65-C1FA-4D18-8C9B-3DFEF2EF8205}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 | "{B96628EF-8E73-478A-8B45-EB762F41B5FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{C064BAA5-9F02-4A00-ADAB-227C18A812F0}" = lport=138 | protocol=17 | dir=in | app=system | "{D0068FB8-A615-4B25-9A2D-66A2B7CC9FA5}" = lport=139 | protocol=6 | dir=in | app=system | "{DCCE95A4-0121-4ED7-866D-68E5F1E91D87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF53B8F9-E5EA-49F7-B13A-C8741152875C}" = lport=137 | protocol=17 | dir=in | app=system | "{F5F31AB3-CCBB-4FB5-9689-5EF098FF8092}" = lport=445 | protocol=6 | dir=in | app=system | "{FDCA5B82-1CFD-4ECE-BD50-CC0123A4D1D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006C9816-3E0A-48A5-88CC-80A3BFC858FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{01D8EE86-9F54-47F3-AF16-F9D131947888}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | "{03C7E76C-5E9F-44DB-8E19-1B770D5D5BC3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{0661C2C8-4D43-44CD-BC41-FD79BB2CF2C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B19AF71-C105-4723-94BF-4B3F17F9523F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{0C6AF723-1BC8-4A21-9D4E-C663127DC2D6}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\farming simulator 2011\game.exe | "{0E9C0819-B485-40C3-BF70-99E94D5BB2FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1235C078-F018-4E1E-A923-09E7603EA96C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{14CD0631-1A57-4AE0-9946-C0C5E2E03AE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\farming simulator 2011\game.exe | "{19059BE9-6737-44AB-BC91-1FF5278CE462}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{1911FE1F-CFCC-41A9-998A-36BFD6274208}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{1B8C5219-C630-44F0-BD8B-62E2D21D5A67}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1BC3FD49-4086-4387-9181-652CC39F910A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{1D91D24C-291D-4EEA-96A7-8EAB13C372F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1DD9AB00-A16F-4FB5-A2C3-3932739655BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{1DDD90C5-51ED-4CEB-8543-0550FA591BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{1E66B353-BC01-4017-B2A2-8F0797CC4E7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1F442343-7980-402F-A723-4B67EE4D6317}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{2ACD47C1-6B52-4E32-A003-9ADAE6AE88C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{303B00FB-3FF5-4180-91EB-7D2ABE81C269}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{3757151D-1881-4AC7-83DB-4EF10EF45977}" = protocol=6 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{375D8333-8EA1-4742-AC66-ECEEC2CA28A0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{3B389FFF-0A89-4F42-ADA3-A5A77DA9D96F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\stronghold3.exe | "{3FCF5FEB-685B-4BEA-BD0D-5367F94B8FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{465C8793-91B4-4208-9D7E-44A48B448C9A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{4B658A3D-9B83-4491-AE78-DB82362FC9BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4DEE212B-4843-486F-975C-B737094E35D1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4E7623F5-8EC3-43DC-90BB-650341208C13}" = dir=in | app=c:\windows\system32\dleacoms.exe | "{4F4A64CA-BA43-4FC0-B664-C2F4FF5B960C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{50EFE597-C629-4CF0-B996-0315F08CEEC5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{51279157-1A79-4F9C-91B2-5DAE2D818C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{5C87627A-E739-4E6F-887B-8E3997394CF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{66207C27-03B8-4FDF-997C-88CE41996C68}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe | "{673900AE-1BC9-4C00-AA6D-36A89DDD035D}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{67B032B6-0CAA-4EBE-BA02-B947AD7A6825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{7236557C-691D-40D4-9AEB-4B2218F774A2}" = protocol=6 
| dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{73E5325A-5A01-421B-B335-35A0BE15A6C3}" = dir=in | app=c:\windows\system32\dleacoms.exe | "{7A1E5582-5ADC-488E-91F0-AA1B066FAE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{7C297DB3-EBBA-445C-936A-D8C4FD4F4FAE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{7D5FCA79-4D9A-4FA0-9E66-3ACB97AD8221}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7DC9AB7C-F667-4200-8B68-7F012B857ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe | "{7ECFCDC0-D78A-4650-8FD5-F5F06FBA4FB8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{86BB593D-DB98-45A7-8780-AEEBBF7557CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{89DC8880-7C59-48F2-A153-CBE40929758F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{8DC0B4CE-2E0B-4AB1-B7DD-A472F8C6E9F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8FEBAF9A-9546-4828-BA07-4E680F6A3E85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{8FF8C378-3162-43DE-A22E-2044E9B486F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{910E2E13-38A6-4711-B383-63A33956EBAE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{91818CD0-B5E7-49CA-8F20-1F9EC0795099}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | "{945476F7-98C5-4BDC-9450-307F3BD9FC67}" = protocol=6 | dir=out | app=system | "{97778CC8-C5E8-4CE0-92AA-CD287F1663C0}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | "{9966A24C-57D0-48BB-9E94-5D66A517D26E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9B851596-E1BE-4F6B-87C3-91BA5C2AEFCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{9D59FA21-4C4A-44DC-B8A2-BCC43737187E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | "{9D6373D6-432A-48DA-8767-E38BA4D741EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9E84AD66-FBA5-41C1-9B36-88F10078EF97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A3044422-1E2A-4A75-BCFE-25890782561A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A36D9D10-7654-4626-B983-C7E1D54E9238}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{A76C8F37-6C87-4892-8275-E2A59EFCA878}" = dir=in | app=c:\windows\system32\dleacoms.exe | "{A909DD98-BA8E-47BC-9146-EE0D0FA4DF2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A95ECFD2-FA8F-41DC-9C17-C0E550B9AD5F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{AB14EFF1-D95B-4B7F-AEF1-E718778C6051}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{AD4C882D-9199-47F1-94B4-66A0C5BC2DC3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B236ED9D-3AED-4C23-B547-6567045D0046}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B37266A5-0039-4F7A-8E0D-D7D66973E185}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | "{B4984838-8010-43EE-B546-BBBEE9E43534}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B54DD27B-927A-4691-81D7-ECEF31AC8662}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{B6F86DF7-27D9-4C96-8CE1-75A4E9D5862E}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe | "{BA34EEB5-A163-4ACA-BD05-1F65F2D0D266}" = dir=in | app=c:\windows\system32\dleccoms.exe | "{BBA0E1E5-CD63-4C25-A34F-839941FB1A96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BD6C6B21-2447-4AF5-B72E-9E4070286399}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C1368566-4433-43B8-A829-929D540C751C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{C243972F-14EE-4FAB-9897-8606B2783D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C3EEA344-E6FA-4424-9F84-C4A52D871678}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C4C50EF4-8A33-4910-87A6-54233C9CD003}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C53CB493-9C1F-46D2-8673-18E5CFFA3D44}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | "{D0D3ED28-8908-404E-B321-72114B8C8B00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | "{D3F92FB4-F7C2-4308-93B9-C4C5A4A0DE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{D843788D-052D-4DE4-8200-DBACE92094A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{DB3AF94D-4047-4465-9077-43A9C164793F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | "{DE599CC7-3B34-4F59-814D-E1D2BD4B932D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DEB626DD-8BD1-436C-AE53-66BA18DE66A0}" = dir=in | app=c:\program files 
(x86)\windows live\contacts\wlcomm.exe | "{DFD93CE6-3291-4A11-82AB-CA4BC7765445}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{DFDD87BE-B66B-462D-BBD1-7A879DE61453}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{DFE752C8-738A-4F6D-B977-82FB9428E4CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{E11E4899-C49D-4A70-BB37-4C68358FAF37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E702D403-5712-442D-9634-263863025814}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{EAD62FAC-0653-482A-BC7D-6EDB92382BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2013\fm.exe | "{EDFADE52-EF7B-4413-962E-5F0943405149}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold3\bin\win32_release\mapeditor.exe | "{EF7DF460-09B8-4C5C-BF0C-B045243B3014}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | "{F0EF3341-480D-4573-BAC4-B5E9F8094A6B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{F8012FF4-5ABE-42FF-9CC0-826DCE564176}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{FA19D101-C365-4F50-B0D3-192C12707366}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | "{FD52E3A2-BF6E-437C-A0DE-1C16ED7CBCB1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "{FE1DC584-49E7-430E-AC1C-9C03C57DF0E6}" = dir=in | app=c:\windows\system32\dleacoms.exe | "TCP Query User{42281FDA-194E-4777-B68D-0B7B96B27E13}C:\program files (x86)\epson 
software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{A4AE0705-D35D-463C-B46B-5CAFD44B503F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{12E063F4-FC2E-412D-8EF2-345B85C5B8D8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{8660B3FA-6076-479C-BC2C-BA778921826B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{235FC8A2-FFDF-4F74-A829-BA20EC015EC7}" = HP Photosmart 5520 series Product Improvement Study "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{53469789-996F-4193-9FBD-A053EE298C6F}" = HP Photosmart 5520 series Basic Device Software "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = 
Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "C-Media Oxygen HD Audio Driver" = ASUS Xonar DS Audio Driver "Dell V310-V510 Series" = Dell V310-V510 Series "EPSON XP-102 103 Series" = EPSON XP-102 
103 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis® "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar "{0C3B3058-F1DB-4E51-8115-AD06825EE1C5}" = Razer Naga Epic Firmware Updater "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{294A2E0E-3A0B-4D1F-8282-11DEF2040227}" = InstallIQ Updater "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = 
Update Installer for WildTangent Games App "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger "{37F79672-76E1-11D6-B2FB-0002A5E32BEF}" = BVHE-Beauty and the Beast Magical Ballroom "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars® "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5BF6D4DE-C915-44C4-9176-AF6D3B27052F}" = XP500 Advanced Sound Editor "{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery "{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games) 
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD® "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{88F84936-8445-438D-A5E5-E3DA61A22A30}" = Windows Live Family Safety "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8af0a855-8811-42b5-8f56-a9f856b2bf75}" = Nero 9 Essentials "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker "{8F4D359D-99E3-4158-8BD4-7F9512E67391}" = Windows Live Writer Resources "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social 
Connector Provider for Windows Live Messenger 32-bit "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{9971EC43-AB05-48B9-9BA2-5DBE0A42191B}" = Windows Live Writer "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator 
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F2409431-8B8C-4256-A97E-9138EBA34DC9}" = Windows Live Mail "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US) "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe AIR" = Adobe AIR 
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "ArtMoney SE_is1" = ArtMoney SE v7.38 "AVG PC TuneUp" = AVG PC TuneUp "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2 "Belarc Advisor" = Belarc Advisor 8.3 "Company of Heroes" = Company of Heroes "Crysis WARHEAD®" = Crysis WARHEAD® "Crysis Wars®" = Crysis Wars® "Desura" = Desura "Diablo III" = Diablo III "EADM" = EA Download Manager "EPSON Scanner" = EPSON Scan "EPSON XP-102 103 Series Useg" = User's Guide EPSON XP-102 103 Series "GoToAssist" = GoToAssist Corporate "Hotkey Utility" = Hotkey Utility "HP Photo Creations" = HP Photo Creations "Identity Card" = Identity Card "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "Intelli-studio" = SAMSUNG Intelli-studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "N360" = Norton 360 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "PunkBusterSvc" = PunkBuster Services "Steam App 10500" = Empire: Total War "Steam App 20570" = Warhammer® 40,000â„¢: Dawn of War® II – Chaos Risingâ„¢ "Steam App 207890" = Football Manager 2013 "Steam App 219640" = Chivalry: Medieval Warfare "Steam App 34030" = Napoleon: Total War "Steam App 47400" = Stronghold 3 "Steam App 4760" = Rome: Total 
War "Steam App 48700" = Mount & Blade: Warband "Steam App 48720" = Mount & Blade: With Fire and Sword "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 8930" = Sid Meier's Civilization V "Steam App 90200" = Farming Simulator 2011 "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-bit) "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079024" = FATE - The Traitor Soul "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! "WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.3.0 "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0 "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15/04/2013 19:56:13 | Computer Name = david-PC | Source = VSS | ID = 8193 Description = Error - 15/04/2013 19:56:13 | Computer Name = david-PC | Source = System Restore | ID = 8193 Description = Error - 15/04/2013 19:57:20 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:57:20 | Computer Name = david-PC | Source = VSS | ID = 12292 Description = Error - 15/04/2013 19:57:46 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:57:46 | Computer Name = 
david-PC | Source = VSS | ID = 12292 Description = Error - 15/04/2013 19:58:09 | Computer Name = david-PC | Source = VSS | ID = 13 Description = Error - 15/04/2013 19:58:09 | Computer Name = david-PC | Source = VSS | ID = 12292 Description = Error - 17/04/2013 15:49:07 | Computer Name = david-PC | Source = Application Hang | ID = 1002 Description = The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1394 Start Time: 01ce3ba470653b1f Termination Time: 15 Application Path: C:\Windows\system32\rundll32.exe Report Id: Error - 17/04/2013 17:46:59 | Computer Name = david-PC | Source = Application Hang | ID = 1002 Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15c8 Start Time: 01ce3bb4d6c266a5 Termination Time: 3 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 44642a64-a7a8-11e2-b6ed-4487fcab2060 [ System Events ] Error - 18/04/2013 07:20:17 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 07:31:15 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 12:33:31 | Computer Name = david-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect. 
Error - 18/04/2013 12:33:31 | Computer Name = david-PC | Source = Service Control Manager | ID = 7000 Description = The dleaCATSCustConnectService service failed to start due to the following error: %%1053 Error - 18/04/2013 12:39:07 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 12:40:42 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 16:01:47 | Computer Name = david-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect. Error - 18/04/2013 16:01:47 | Computer Name = david-PC | Source = Service Control Manager | ID = 7000 Description = The dleaCATSCustConnectService service failed to start due to the following error: %%1053 Error - 18/04/2013 16:07:16 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = Error - 18/04/2013 16:18:18 | Computer Name = david-PC | Source = DCOM | ID = 10010 Description = < End of report > Quote
Starbuck Posted April 19, 2013

Hi mackay55

Now that MBAM has removed this:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.
The exploit should be unable to run.

Let's deal with some other issues showing in the report and then we'll double check.

Step 1

AVS Registry Cleaner version 2.2:
We don't recommend any registry cleaners here (or on any site I work); they can cause more problems than they actually cure. I recommend you uninstall this program.

AVG PC TuneUp
Did you pay for the full version? If not, it's only a one day trial and doesn't do an awful lot. The full paid for version is very expensive for the little it does. I recommend this is also uninstalled.

Step 2

If you encounter any problems with the following fix freezing..... You will need to uninstall MBAM. It is known that MBAM causes problems with the OTL fix on some systems. (Yours may or may not be affected.) MBAM can be reinstalled again once the fix has been run.

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the red Run Fix button.
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 7 Update 21 and save it to your desktop.
Scroll down to where it says "Java SE 7 Update 21".
Click the "Download JRE" button.
Accept the license agreement.
Select 'Windows x64.exe' from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version:
Java 6 Update 31
Java 7 Update 17
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded icon to install the newest version.

Step 4

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab
Click Check for Updates
The latest Database Version is: v2013.04.19.08
If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

In your next reply, please submit:
OTL fix report
New MBAM scan report

Thanks.
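Added example, not part of the original thread or of any tool named in it: the Security.Hijack item MBAM removed above sits under Image File Execution Options, where a Debugger value makes Windows start the named command in place of the image. The Python below audits the text output of `reg query "<IFEO key>" /s` for such values in both the native and WOW6432Node views; the sample output, every path in it and the approved list are constructed for illustration.

```python
import re
from typing import NamedTuple

# Matches an image subkey directly under IFEO, in the native or WOW6432Node view.
IFEO_KEY = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM)\\SOFTWARE\\(?P<wow>WOW6432Node\\)?"
    r"Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"
    r"(?P<image>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample: output of `reg query "<IFEO key>" /s` for both views.
# Paths and values are invented for illustration, not taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe
    Debugger    REG_SZ    C:\Users\Public\placeholder.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe
    MitigationOptions    REG_QWORD    0x100000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger    REG_SZ    "C:\Tools\procexp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe
    Debugger    REG_SZ    C:\Users\Public\placeholder.exe
"""


class Finding(NamedTuple):
    image: str      # executable whose launch is redirected
    view: str       # "64-bit" (native) or "32-bit" (WOW6432Node)
    debugger: str   # command Windows runs instead of the image
    approved: bool  # True if the analyst listed this command as expected


def normalise(command: str) -> str:
    """Compare commands without surrounding quotes or case differences."""
    return command.strip().strip('"').lower()


def find_ifeo_debuggers(reg_output: str, approved=()) -> list:
    """Return a Finding for every Debugger value under an IFEO image key."""
    approved_set = {normalise(cmd) for cmd in approved}
    findings = []
    key = None  # regex match for the key the following value lines belong to
    for raw in reg_output.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):          # key lines are not indented
            key = IFEO_KEY.match(raw.strip())
            continue
        if key is None:                      # value of a key we do not audit
            continue
        # Value lines: 4 spaces, name, 4 spaces, type, 4 spaces, data.
        parts = re.split(r" {4}", raw.strip(), maxsplit=2)
        if len(parts) < 2 or parts[0].lower() != "debugger":
            continue
        data = parts[2] if len(parts) == 3 else ""
        findings.append(Finding(
            image=key.group("image"),
            view="32-bit" if key.group("wow") else "64-bit",
            debugger=data,
            approved=normalise(data) in approved_set,
        ))
    return findings


if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE, approved=[r"C:\Tools\procexp.exe"]):
        status = "expected" if f.approved else "REVIEW"
        print(f"{status:8} {f.view:6} {f.image:12} -> {f.debugger}")
```

Entries marked REVIEW are the ones to compare against what the user knowingly installed; checking both views matters on 64-bit Windows because 32-bit programs read the WOW6432Node copy.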
mackay55 Author Posted April 20, 2013

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2050934482-116919376-2043438584-1005\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\david\Downloads\cmd.bat deleted successfully.
C:\Users\david\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: david
->Temp folder emptied: 4437271 bytes
->Temporary Internet Files folder emptied: 2012355 bytes
->Java cache emptied: 902778160 bytes
->Google Chrome cache emptied: 403705215 bytes
->Flash cache emptied: 88667 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1531904 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40179212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304615 bytes
RecycleBin emptied: 648520 bytes

Total Files Cleaned = 1,333.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 04202013_110157

Files\Folders moved on Reboot...
C:\Users\david\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\david\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
mackay55 Author Posted April 20, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.04.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
david :: DAVID-PC [administrator]

Protection: Disabled

20/04/2013 12:54:49
mbam-log-2013-04-20 (12-54-49).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 497639
Time elapsed: 1 hour(s), 13 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Starbuck Posted April 21, 2013

Hi mackay55

That seems fine now. Just one more check.....

I'd like you to do an ESET OnlineScan.
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%). To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.
mackay55 Author Posted April 21, 2013

C:\Users\david\Downloads\driverupdater.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
Starbuck Posted April 21, 2013

Hi mackay55

Ok, that's not much to worry about. How's the system running?

"when I click on the control panel and click on programs or anything else it just freezes"

Are you still getting this problem?
mackay55 Author Posted April 21, 2013

Yes, it still freezes when I click on it.
Starbuck Posted April 21, 2013

Let's look a little deeper then:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.