Connected to net but cant not dl win updates connect to autolog and ma


  • This topic is locked

#46
waynegr

  • Topic Starter
  • 194 posts
Yes I am using a Sky Router, not sure where you are from, but Sky are “very” big in the UK

OTL logfile created on: 30/08/2011 21:39:45 - Run 5
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\FLIPP\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 44.30% Memory free
8.19 Gb Paging File | 5.90 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 592.58 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.98 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FLIPP-PC | User Name: FLIPP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\FLIPP\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2204173278-169951079-703970126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FLIPP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/11 13:56:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/28 12:39:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/27 17:06:10 | 000,464,144 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011/03/08 15:33:55 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011/03/08 11:33:03 | 034,599,936 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2011/03/08 15:33:54 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{42ee88da-e157-11dd-be7e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42ee88da-e157-11dd-be7e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011/01/27 17:06:10 | 000,464,144 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

MsConfig:64bit - StartUpFolder: C:^Users^FLIPP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk - - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4685FF32-8937-7A46-6D26-6F7592AF90E3} - Microsoft Windows Media Player
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {973D77D6-FBD0-1D39-CB08-05D262DD9A87} - Microsoft Windows Media Player
ActiveX: {C1A8BD57-CC42-806E-BDCF-7AFCF8410C89} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\Documents\ManiaPlanet
[2011/08/30 00:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
[2011/08/30 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2011/08/30 00:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManiaPlanet
[2011/08/27 14:34:12 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Roaming\Sammsoft
[2011/08/27 01:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/26 22:07:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/26 22:05:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/26 22:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/26 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/08/24 13:45:20 | 000,000,000 | ---D | C] -- C:\f12f1591da052aec4117
[2011/08/21 17:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/21 17:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/08/19 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Mozilla
[2011/08/19 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Deployment
[2011/08/19 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\AppData\Local\Apps
[2011/08/13 01:23:21 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/08/11 13:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/11 13:56:41 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/11 13:56:40 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/11 13:56:36 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/11 13:56:36 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/11 13:56:35 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/11 13:56:33 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/11 13:56:16 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/11 13:56:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/11 13:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/10 14:07:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/10 14:07:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/10 14:07:14 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/10 14:07:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/10 14:07:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/10 14:07:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/10 14:07:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/10 14:07:13 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/10 14:07:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/10 13:43:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/10 13:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/10 12:03:12 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 12:03:11 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 12:03:00 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 01:07:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/08/09 22:03:33 | 000,000,000 | ---D | C] -- C:\Users\FLIPP\Documents\OneNote Notebooks
[2011/08/09 19:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/08/08 21:25:18 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/08/08 21:25:18 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

========== Files - Modified Within 30 Days ==========

[2011/08/30 21:43:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 21:43:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 21:25:47 | 000,002,635 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk
[2011/08/30 20:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 17:43:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 17:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 00:09:08 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
[2011/08/29 20:19:24 | 000,074,736 | ---- | M] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_29_20_18_10.zip
[2011/08/29 19:43:10 | 000,001,024 | ---- | M] () -- C:\Users\FLIPP\Desktop\Continue FoxTab PDF Converter Installation.lnk
[2011/08/29 18:27:05 | 000,000,588 | ---- | M] () -- C:\Users\FLIPP\Desktop\SystemLook_x64.exe - Shortcut.lnk
[2011/08/29 13:17:07 | 000,001,460 | ---- | M] () -- C:\Users\FLIPP\AppData\Local\d3d9caps64.dat
[2011/08/28 12:50:08 | 000,000,934 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/28 12:50:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/27 01:21:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011/08/26 22:54:48 | 000,000,172 | ---- | M] () -- C:\Users\FLIPP\Desktop\Dr. Darden's H.I.T..url
[2011/08/26 22:04:52 | 000,000,725 | ---- | M] () -- C:\Users\FLIPP\Desktop\NTREGOPT.lnk
[2011/08/26 22:04:52 | 000,000,706 | ---- | M] () -- C:\Users\FLIPP\Desktop\ERUNT.lnk
[2011/08/26 20:33:32 | 000,001,200 | ---- | M] () -- C:\Users\FLIPP\Desktop\OTL.exe - Shortcut.lnk
[2011/08/26 18:23:30 | 000,000,222 | ---- | M] () -- C:\Users\FLIPP\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2011/08/26 01:18:32 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/08/25 12:03:21 | 000,715,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/25 12:03:21 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/25 12:03:21 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/20 02:03:33 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/19 02:42:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/19 02:42:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/14 21:07:34 | 000,144,144 | ---- | M] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_14_21_06_21.zip
[2011/08/12 23:27:08 | 000,000,322 | ---- | M] () -- C:\Users\FLIPP\Desktop\Building Muscle Mass A Quick Look at Muscular Growth and Hypertrophy • AmpedTraining.com • Matthew Perryman, CSCS.url
[2011/08/11 13:56:42 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/11 13:56:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/09 22:34:48 | 000,000,951 | ---- | M] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2011/08/09 22:03:33 | 000,001,103 | ---- | M] () -- C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/09 19:36:59 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/08/03 02:18:19 | 000,140,288 | ---- | M] () -- C:\Users\FLIPP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/03 02:10:13 | 3073,871,496 | ---- | M] () -- C:\Users\FLIPP\Desktop\shift2u 2011-08-03 02-04-21-61.avi

========== Files Created - No Company Name ==========

[2011/08/30 00:09:08 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
[2011/08/29 20:18:51 | 000,074,736 | ---- | C] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_29_20_18_10.zip
[2011/08/29 19:43:10 | 000,001,024 | ---- | C] () -- C:\Users\FLIPP\Desktop\Continue FoxTab PDF Converter Installation.lnk
[2011/08/29 18:26:25 | 000,000,588 | ---- | C] () -- C:\Users\FLIPP\Desktop\SystemLook_x64.exe - Shortcut.lnk
[2011/08/27 01:48:48 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 01:48:48 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/26 22:54:48 | 000,000,172 | ---- | C] () -- C:\Users\FLIPP\Desktop\Dr. Darden's H.I.T..url
[2011/08/26 22:24:09 | 000,000,934 | ---- | C] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:24:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/26 22:02:04 | 000,000,725 | ---- | C] () -- C:\Users\FLIPP\Desktop\NTREGOPT.lnk
[2011/08/26 22:02:04 | 000,000,706 | ---- | C] () -- C:\Users\FLIPP\Desktop\ERUNT.lnk
[2011/08/26 20:32:47 | 000,001,200 | ---- | C] () -- C:\Users\FLIPP\Desktop\OTL.exe - Shortcut.lnk
[2011/08/26 18:23:30 | 000,000,222 | ---- | C] () -- C:\Users\FLIPP\Desktop\Virus, Spyware, Malware Removal - Geeks to Go Forums.url
[2011/08/14 21:06:48 | 000,144,144 | ---- | C] () -- C:\Users\FLIPP\Desktop\GetSystemInfo_FLIPP-PC_FLIPP_2011_08_14_21_06_21.zip
[2011/08/12 23:27:08 | 000,000,322 | ---- | C] () -- C:\Users\FLIPP\Desktop\Building Muscle Mass A Quick Look at Muscular Growth and Hypertrophy • AmpedTraining.com • Matthew Perryman, CSCS.url
[2011/08/11 13:56:42 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/09 22:34:48 | 000,000,951 | ---- | C] () -- C:\Users\FLIPP\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2011/08/09 22:22:45 | 000,000,951 | ---- | C] () -- C:\Users\FLIPP\Desktop\Internet Explorer (64-bit).lnk
[2011/08/09 22:03:33 | 000,001,103 | ---- | C] () -- C:\Users\FLIPP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/09 19:04:15 | 000,327,680 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011/08/03 02:23:11 | 3073,871,496 | ---- | C] () -- C:\Users\FLIPP\Desktop\shift2u 2011-08-03 02-04-21-61.avi
[2011/05/02 22:28:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/02 22:28:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/26 19:16:50 | 000,000,192 | ---- | C] () -- C:\ProgramData\video
[2011/04/21 12:39:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/09 02:12:01 | 000,000,036 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\housecall.guid.cache
[2011/02/27 23:03:48 | 000,822,636 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\tmpIMG008.0
[2011/02/27 23:03:48 | 000,589,257 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\tmpIMG008.JPG
[2011/02/18 15:26:49 | 000,001,460 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\d3d9caps64.dat
[2010/06/04 00:26:18 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/04 00:26:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/12/25 19:37:42 | 000,070,575 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/25 19:27:08 | 000,070,575 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/11 02:01:29 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2009/11/11 02:01:29 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2009/11/11 02:01:29 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2009/11/11 02:01:29 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2009/11/11 02:01:29 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2009/11/11 02:01:29 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2009/11/11 02:01:29 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2009/11/11 02:01:29 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2009/11/11 02:01:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2009/11/11 02:01:29 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2009/11/11 02:01:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2009/11/11 02:01:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2009/11/11 02:01:29 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2009/11/11 02:01:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2009/11/11 02:01:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2009/11/11 02:01:29 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2009/11/11 02:01:29 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2009/11/11 02:01:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2009/11/11 02:01:29 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/11/10 21:52:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDER300Euro.ini
[2009/11/10 14:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/09/24 12:28:53 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 12:28:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/24 12:28:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 18:22:48 | 000,009,160 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\d3d9caps.dat
[2009/05/22 22:05:44 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/04/08 19:45:11 | 000,140,288 | ---- | C] () -- C:\Users\FLIPP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/07 00:17:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/06 17:18:44 | 000,008,572 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/01/06 16:40:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/06 16:40:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL
[2000/08/29 03:09:26 | 000,011,616 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/25 00:49:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/25 00:49:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/25 00:49:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/25 00:49:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/04/25 00:49:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/25 00:49:53 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/25 00:49:53 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/25 00:49:53 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/25 00:49:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/25 00:49:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2011/08/12 23:24:34 | 000,000,647 | ---- | M] ()(C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--«???????»--??????--?????.url) -- C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--《应用生理学杂志》--医学期刊频道--首席医学网.url
[2011/08/12 23:24:34 | 000,000,647 | ---- | C] ()(C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--«???????»--??????--?????.url) -- C:\Users\FLIPP\Desktop\Tension-time index, fatigue, and energetics in isolated rat diaphragm a new experimental model--《应用生理学杂志》--医学期刊频道--首席医学网.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 2873 bytes -> C:\Users\FLIPP\Documents\FW_ Animated Map of Europe During World War II.eml:OECustomProperty
@Alternate Data Stream - 16 bytes -> C:\Users\FLIPP\Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

Wayne


#47
waynegr

OTL Extras logfile created on: 30/08/2011 21:39:45 - Run 5
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\FLIPP\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 44.30% Memory free
8.19 Gb Paging File | 5.90 Gb Available in Paging File | 72.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.06 Gb Total Space | 592.58 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.98 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive E: | 6.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FLIPP-PC | User Name: FLIPP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0E C9 B1 53 B5 46 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D2B3A7-D047-4ECE-9B8C-32978424E4E2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{02AAE1DD-D2F8-4C1B-A671-26F77E4BBCAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{046265AC-1B1D-4DD5-B9FD-8C31285DFF6E}" = lport=1701 | protocol=17 | dir=in | app=system |
"{04CCD77E-FDFC-4DCD-84D5-C7745A9C4B36}" = rport=5357 | protocol=6 | dir=out | app=system |
"{053F89A5-084A-411F-951F-69E1F899CEC6}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{0B819F22-5F7A-4B0A-B1A4-69D9B9586AF1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{0E746C2F-C601-4FBE-928E-8181DFBCA329}" = lport=3390 | protocol=6 | dir=in | app=system |
"{173240F6-C79F-4036-84B2-7B0CB0B3304C}" = lport=5358 | protocol=6 | dir=in | app=system |
"{210A368E-FC1E-4428-A9CB-3371C497232B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2554ABAC-8E8C-4F4E-A0F8-C7FEE3D1F520}" = lport=139 | protocol=6 | dir=in | app=system |
"{25E441A1-AB09-466F-8580-BC4FC8CC2F60}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{25E899F4-88A0-40FB-9612-22F8BD990271}" = rport=138 | protocol=17 | dir=out | app=system |
"{27BEA95E-DDBB-4BB1-AB84-2C278340C4EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28C56C6B-11C2-4A2E-841E-E08104695811}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{28CDFDD2-DF86-42F1-8D44-D615C24DED04}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A031940-33E2-430D-BE65-81DF7C49FB60}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4624B61B-1263-4EB4-9F16-26F65BB30A54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4862BEF7-A5F1-417E-A2E1-EE8EF804936A}" = rport=139 | protocol=6 | dir=out | app=system |
"{56457319-C8CC-4421-9722-6FFA6025D141}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58D327D1-1D0E-4B44-9551-75CB935780E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58EE35A4-F17D-482A-A363-813734852D3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{59415616-2861-4268-B184-AE56F58C1271}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59F2D680-D631-4178-9A7C-81E160E395A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A6DF1FA-B9C3-4E59-BAF1-B380D5653BED}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D1CE477-06E0-4FBA-8B57-109D6DE57E1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E71CA1E-C8BD-4ACC-B515-5DED76DC046E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6517A276-310C-46B4-A730-BCBE47D6AA72}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{66CBFC2B-7F22-4591-BB7C-19CBBC0FBF6F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6CA8BD82-9CC1-4C82-95D9-31F968AD28D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6CC851F7-4232-46FA-9E13-3FE412AB79A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73C95694-0538-4841-8180-D737AA1CF451}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F5FDC71-1D27-4EBD-8C9B-2E286C669BE3}" = rport=5358 | protocol=6 | dir=out | app=system |
"{84293402-7FD6-4B5B-AE92-C6AB7F4CA309}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B6FBDC9-2D4D-43C4-9A25-E35749623CF1}" = lport=5357 | protocol=6 | dir=in | app=system |
"{920A971B-F68D-4221-8AE4-505BD54F19FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2764A54-2B4C-4589-9741-7D367FEF19E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA301CD6-77C7-4973-8FC5-432E4DB50863}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7B87364-1D02-40F0-A2BF-9C752E8039D6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BE62AB1A-F596-4323-82A7-2361528CAB1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE7436F4-31F8-4D3F-9749-0348F57CA0AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C24C7A2C-BFF6-4FFE-8098-7B68E8462944}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{CA73F90B-0DD1-4ED0-A8FC-632D513C829C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0924737-1454-4D68-A908-2B169C73B190}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2282FC6-6874-450D-96B6-98B1DA89F39C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E2CCE76A-968E-47ED-8DD4-0DA58893AF95}" = lport=1723 | protocol=6 | dir=in | app=system |
"{EAB924EE-E97B-4E56-AB35-CCA00980275E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EBF9A57D-DC2A-4554-AC37-469E4A0FA4FC}" = rport=1723 | protocol=6 | dir=out | app=system |
"{F2990E86-83EF-4A24-A316-511CAEB2BAFA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F413C410-252A-4032-A8E6-20A32D75182D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6154A82-E1D8-48AE-900E-7CF1D98CBBD6}" = rport=1701 | protocol=17 | dir=out | app=system |
"{F99233FD-D1A7-4838-A961-53A2C6006626}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0065F900-15E3-4C2C-93A6-3F0B0E2B02AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{048E6CBB-5C30-4160-8EFB-8FF476CC4FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\origin.exe |
"{04FFC0CB-985E-43E0-B97E-D553176B4172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{073F519C-C699-4263-B7D6-3DF4597B2C2C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{07646797-F04F-4A39-A5EC-083F9598D025}" = protocol=6 | dir=in | app=c:\program files (x86)\blubster\blubster.exe |
"{0AD486B2-2D10-41D3-8B9D-3ACCB0517214}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B20C80A-7AD7-4BD3-AF4A-6AC3564049C3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0BFAD6D5-9611-46C3-992B-4FDC9C1B1E0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C3EC9C0-2156-428E-9449-1FC36BBB2FB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft silverlight\4.0.60531.0\silverlight.configuration.exe |
"{0F5BCB09-F5F0-43B1-8056-667683AC2919}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C295F92-1C88-477C-B0FB-2FF412031425}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1D64C977-A6A9-4EC9-B4DD-AD634D95AC7E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{22076E88-E6C0-420F-A250-D23A06435FE3}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{23CC9DEE-879E-45E5-828E-F8D0B3B9B303}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\blur™\blur.exe |
"{23E4C82F-1674-4FA8-BB5E-4137A1060381}" = protocol=17 | dir=in | app=c:\programdata\{e53f90e0-d7ca-4310-8844-f6e688407890}\ad-aware90install.exe |
"{2A2841BC-CE17-4995-8E6F-B3ADC5A9B689}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A7B31EA-5FC0-44EB-B179-A0FF9DE4DE1D}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{2D4D850F-EE65-439F-94A7-7042D275A62D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\origin.exe |
"{31E80192-7C69-4EEE-8F0B-4B139C0A1C9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{33CA7DC2-73B2-4303-8349-20086CB20ADA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3B7B2EDF-F715-4E93-9EA2-CC80B2B7F3E3}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{3BACA39C-671C-4690-B5A7-0A99CDC25CBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46F21759-4CA3-456E-81AD-B94D17B12437}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48CB1A2A-6FEC-4B2E-8084-9B05E7BAC539}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4D2FF9F9-6439-4FFE-B8A6-12C741BD42B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5048C718-473E-42E8-8DEA-E6AF0F9D065D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50E7C1BC-C467-4D07-8027-4B14CD79DEDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5523D450-199A-4D74-9F22-26FDE35C9CEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{576722AB-E2B2-490E-83A8-21B6EE100F7D}" = protocol=17 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{58268374-5BCD-44F1-A9BB-E115CD0F3115}" = protocol=6 | dir=in | app=c:\programdata\{e53f90e0-d7ca-4310-8844-f6e688407890}\ad-aware90install.exe |
"{59013F9B-8A92-4B34-811A-566801498ECB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{596EC312-070D-4F76-BC13-C5B36489FAFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5AAFFDF6-BCEF-4440-8FDA-A324D92EECEF}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{66338E78-EBB0-48C5-9CC8-17F9D3AF71ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{69090B75-3123-49ED-BAB8-34CD80BB10D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{6982BF44-00B4-4A94-BE12-023B4E908805}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{6BE8FE3D-1300-4291-8C23-3F86FEFDA2C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77F86004-3738-4894-8D97-E33A0A86FB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{7A8DCFB3-14A0-470D-AF7E-9C0FB67BF87F}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{87998AB0-5FB3-4499-B2C6-B0BF7474504A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8AA4FA61-07FD-413D-BE15-ED3B84F1EA4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft silverlight\4.0.60531.0\silverlight.configuration.exe |
"{907BD803-731B-48B1-B58B-C1D52F7CB5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\malwarebytes' anti-malware\mbam.exe |
"{90E8318D-746C-4B3C-A443-19F3C59E121F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{91EAC513-173B-47F3-B969-B59167E0069E}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{9358F1A5-2C0D-4A07-9B31-85AAE7A7EA60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9376F9DF-0B1D-4E9D-B56C-7A93766A7091}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{9552E8D2-C8AE-4A24-B01D-9D47734F7101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99C78A63-AA00-4C40-B218-4CE449614B6E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A482BD75-18F9-424E-A3F4-82775A070943}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{AA976D61-971A-4430-B808-35EB69A95D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\3d vision\nvstview.exe |
"{ACC2F848-40CE-454A-8B9F-E4AC8B8D5215}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{ADDEB26A-B28F-41A9-AB0B-4DAA40FD9E52}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B6CAD3D4-DFB2-4239-843A-2447730E72ED}" = protocol=6 | dir=out | app=system |
"{B9B2FA1F-2C68-4B69-A42D-DB9638A65365}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\blur™\blur.exe |
"{BAD4181D-DC21-4D3A-86CA-92A0C612CC63}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{BC532312-B76A-4382-9B00-CDD2F8084450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7883CE2-4135-4E8C-A5B3-38C431B647CE}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{C94915D5-B9A3-4EDB-9AC5-B120211AF25D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{C974E6E4-C176-4F53-A9F8-EA126CE40A72}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D0CFF87E-DFD0-41C0-BFA0-A5B8DE622C4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2801AA4-9390-4D0F-B3DE-30E5A3BF4B00}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D38652D4-5863-434D-9DE9-0A810CB82382}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D5729749-D88B-4DF3-B28E-CE3961A3B7AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9F568E4-2D6A-47E1-B9FE-A5246272265A}" = protocol=17 | dir=in | app=c:\program files (x86)\blubster\blubster.exe |
"{E3097E8B-B3A8-4355-AC4C-1FDD74732EF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6654A62-C735-4DD5-9E86-0EC81841C210}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{EA6E673A-4478-403C-80F6-E6952C9DE8BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE4B226B-6515-493F-B74D-A1CC713FBB2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEB415FC-FB0A-4899-88A2-CDBDA55E4A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\3d vision\nvstview.exe |
"{EF50635C-822A-4DAB-8A9A-1920E1FBD0BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F1E6116D-5E8A-40D3-9241-455EB1854B59}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{F1E632FB-256E-4FDA-9A08-95E55DFAB1B3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{F2F12ECC-500E-4EC9-973A-0FAB99A09767}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{F7E9B19B-8899-4DD8-A254-05ADBC5F0B7B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F80F79A5-DDE1-4FAB-93F0-3DAB4C5FBC3B}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{FEE18470-4040-4052-AC2D-D5F19B6BD4E7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"TCP Query User{30E9CDDE-DE3F-499D-AC7B-92EBDCE9D0C6}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{3188541D-E01C-4A33-AC23-13E1E71E03F4}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe |
"TCP Query User{3AAC2912-13A3-4E64-BA34-54B4A876278C}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"TCP Query User{3CE7D616-4AEC-46DF-8A51-626E86275656}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"TCP Query User{4E274F48-2406-46CD-BBF2-FED77CC295BA}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{655A6036-AA21-4503-8B38-B3199D6C9495}C:\program files (x86)\electronic arts\nfs world\data\nfswo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\nfs world\data\nfswo.exe |
"TCP Query User{66A4A82A-C5CC-4A0E-8109-D4FDD0DDBF9C}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe |
"TCP Query User{6BEB860A-F2F5-4D5A-96DD-D479A37C3DF0}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"TCP Query User{74C3112B-079F-4EE4-BE05-26301D053996}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"TCP Query User{75ADDE8A-D187-4955-B449-6517CF9FA2E2}C:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe" = protocol=6 | dir=in | app=c:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe |
"TCP Query User{7637EDD7-CDCE-4B0B-B537-D56A7A2317A0}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"TCP Query User{7EC190B3-3B8E-4FB8-8D17-311FD58A2518}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"TCP Query User{808F0DA4-9747-414D-9FE2-FDDABA3B8692}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{80EC146D-C599-4E17-9C91-BC69C80BCE08}C:\users\flipp\appdata\roaming\siytcu\ruawu.exe" = protocol=6 | dir=in | app=c:\users\flipp\appdata\roaming\siytcu\ruawu.exe |
"TCP Query User{83DD15E5-9392-4612-B7ED-14AD8EF36EE6}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{847C6D32-D7DE-445E-932F-6308B39AC4EA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{858B59BF-31EE-493C-9DDF-449D709D9D8D}C:\programdata\electronic arts\need for speed world\data\nfswo.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfswo.exe |
"TCP Query User{99A46B6B-160C-448E-B3F0-D2EC8B3FD900}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{B5A83A8B-DE1C-4FBF-8FFE-A1FDEDAA23E7}E:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{C1D30453-11FA-4AA1-9BEB-23FE79009994}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"TCP Query User{C8B76827-8A60-448D-9405-B965C12CC459}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"TCP Query User{CF6CDF34-183F-4532-8E00-53E5AB6E333D}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"TCP Query User{FCFF19A4-E951-4CE4-9C0C-CA38BD6675E8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{113225B7-C27D-46B8-B995-891F8646FDA1}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"UDP Query User{1F93ADB8-8F09-4E3C-A0C5-F547717F21BA}C:\program files (x86)\electronic arts\nfs world\data\nfswo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\nfs world\data\nfswo.exe |
"UDP Query User{2D4B5599-4397-4289-8288-FDC28D26D108}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{41E24003-89E9-4F6D-9FE9-64D7D86345DF}C:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe" = protocol=17 | dir=in | app=c:\users\flipp\appdata\local\microsoft\windows\temporary internet files\content.ie5\7nfl62sr\tdu2downloader[1].exe |
"UDP Query User{48BCD3A6-A71F-4F89-B473-D33B80F3DA96}C:\users\flipp\appdata\roaming\siytcu\ruawu.exe" = protocol=17 | dir=in | app=c:\users\flipp\appdata\roaming\siytcu\ruawu.exe |
"UDP Query User{4B2FC93D-FACA-417E-BACC-AA397167C36D}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"UDP Query User{5006CC6C-A538-49A3-BB93-F2FB92C9E93B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{58076FA1-6F92-4775-91AF-BE24B47EAE18}C:\program files (x86)\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\testdrive2.exe |
"UDP Query User{59EF4499-880C-4D0F-BBCF-F7474D543169}C:\programdata\electronic arts\need for speed world\data\nfswo.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfswo.exe |
"UDP Query User{6A2E42F7-7FE4-4EB5-974C-1DAE70881ECB}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{792AC3CC-A6AD-4E6F-8FF4-6CE018A02184}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"UDP Query User{7E69E347-F200-42C5-880C-3F49F8D640AF}C:\program files (x86)\electronic arts\need for speed shift\shift.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed shift\shift.exe |
"UDP Query User{90488EE6-A90B-41C8-970A-45A040B1AC54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{96DAF15E-0051-40C2-9DD0-2681CD5EEA9F}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{97E3A2CF-4339-4F06-9733-6D6850190234}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{A3E8EF9C-B398-47F8-81E0-4A55C2A8DB39}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"UDP Query User{AEF772CD-A478-4C27-8AFE-283C9D26C3F7}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe |
"UDP Query User{B2A53909-4414-4654-A741-AF086A6BB5B8}C:\program files (x86)\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\_uplauncher.exe |
"UDP Query User{D098317F-B33F-4B17-B4E3-BFA0F45B30FF}C:\program files (x86)\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2\uplauncher.exe |
"UDP Query User{E1237BC3-9CE9-47BE-97AD-1A290B74821B}C:\program files (x86)\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gadu-gadu 10\gg.exe |
"UDP Query User{E414AF33-E26A-42F3-B03E-CA1F08A929C6}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{F2A171C9-D533-4B60-838B-1F0A11536F3D}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{FC6C18E2-6536-4ED6-9C9C-0197C6AFBEE2}E:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=e:\epsonnet easyinstall\easyinstall.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.51
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.51
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.47
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"WinRAR archiver" = WinRAR 4.01 beta 1 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision®
"{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}" = muvee Reveal
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70C23A2D-11F9-4558-AD73-54BFA6F7E75A}" = Button Manager v1.60
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97099A77-2CD0-4C2C-8931-7F0B73CFE0FA}" = SoftMCE Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D3FF6-FFDD-4E4E-B887-4BF378174F04}" = ArcSoft PhotoStudio 6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"EPSON Stylus Office BX600FW_Office TX600FW_SX600FW User’s Guide" = EPSON Stylus Office BX600FW_Office TX600FW_SX600FW Manual
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur™
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"ManiaPlanet_is1" = ManiaPlanet
"Movie Player Pro ActiveX Control_is1" = Movie Player Pro ActiveX Control
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"WinZip Self-Extractor" = WinZip Self-Extractor
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2204173278-169951079-703970126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2011 18:17:40 | Computer Name = FLIPP-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 29/08/2011 18:17:48 | Computer Name = FLIPP-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 29/08/2011 19:00:26 | Computer Name = FLIPP-PC | Source = Application Error | ID = 1000
Description = Faulting application Downloader.exe, version 1.0.0.23, time stamp
0x4d5400f3, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47a32,
exception code 0xe06d7363, fault offset 0x0001c83b, process id 0xøP øP , application
start time 0xøP øP .

Error - 29/08/2011 19:09:27 | Computer Name = FLIPP-PC | Source = System Restore | ID = 8193
Description =

Error - 30/08/2011 07:24:16 | Computer Name = FLIPP-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2011 12:29:26 | Computer Name = FLIPP-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2011 16:12:05 | Computer Name = FLIPP-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 30/08/2011 16:12:05 | Computer Name = FLIPP-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 30/08/2011 16:12:05 | Computer Name = FLIPP-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 30/08/2011 12:42:40 | Computer Name = FLIPP-PC | Source = DCOM | ID = 10010
Description =

Error - 30/08/2011 12:43:25 | Computer Name = FLIPP-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 30/08/2011 12:45:21 | Computer Name = FLIPP-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/08/2011 12:45:31 | Computer Name = FLIPP-PC | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 30/08/2011 12:45:32 | Computer Name = FLIPP-PC | Source = WMPNetworkSvc | ID = 866312
Description =


< End of report >

Wayne
  • 0

#48
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
Good news, it seems I am now staying logged on in Facebook, and a few other sites, before I was clicking stay logged on, but was being logged off for some reason.

Wayne
  • 0

#49
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
I said that too soon, just got logged out of all those sites for some reason, damned, thought we were making a little more progress, well suppose we are.

Wayne
  • 0

#50
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Yes I am using a Sky Router, not sure where you are from, but Sky are “very” big in the UK

OK, thank you for the clarification and aye I have heard of Sky. As for what else you have posted/mentioned....to be expected at this point.

Anyway, what I propose is we actually reset your Router and apply a new admin' password and security key if you are using the wireless mode. Follow the tutorials I have listed below, take your time with all OK.

Reset a Sky Broadband router to the default settings

And:-

Change your wireless password (network key)

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK

firewall.cpl

Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

Ensure System Restore is Active:

Right-Click on Computer >> Properties >> System Protection

Now under Available Disks, ensure there is a check-mark against the C Drive, if there isn't, do check-mark it >> follow the prompts >> Apply >> OK

Then exit the System Control Panel.

Next:

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it.

The root of the system drive would be an ideal location EG: C:\

Note: Do not use this yet, we will be in due course. It is actually compatible with Vista as I have used it successfully in the past.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

:Files
ipconfig /flushdns /c
C:\WINDOWS\system32\drivers\etc\hosts
C:\Users\FLIPP\Documents\Shareaza Downloads

:Commands
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • When prompted with:
HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.
  • Select OK.
  • Check to see if top button on left hand side says Make Writable?
    • If it does, click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.
Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#51
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\FLIPP\Downloads\cmd.bat deleted successfully.
C:\Users\FLIPP\Downloads\cmd.txt deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\etc\hosts scheduled to be moved on reboot.
File\Folder C:\Users\FLIPP\Documents\Shareaza Downloads not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: FLIPP
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FLIPP
->Temp folder emptied: 170867 bytes
->Temporary Internet Files folder emptied: 15940406 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.5 log created on 08312011_134629

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\etc\hosts scheduled to be moved on reboot.
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF3317.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF331F.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF33AA.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF33B2.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF654.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF693.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DFB4C.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DFB74C.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DFB7A2.tmp not found!
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C9E6ZIYB\tweet_button[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8ZZLK4QE\fastbutton[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8ZZLK4QE\login_status[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2FPD2P9A\like[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2163B998-43D6-4D1A-BFCC-D01D2C517512}.tmp moved successfully.

Registry entries deleted on Reboot...

Problem on HostsXpert.exe, when I did what you said, after I click Restore MS Hosts File to, it says error, cannot create file, c\windows\system\32\drive\etc\hosts.

Did other things with router you asked.

The malware scan found nothing, but could not open the log up, when I clicked on the log, it tried to open up the internet, but could not, and disappears, just like when I just to open my internet shortcut icons on my desktop.

Same old problems, but computer and internet running much faster

Wayne
  • 0

#52
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Problem on HostsXpert.exe, when I did what you said, after I click Restore MS Hosts File to, it says error, cannot create file, c\windows\system\32\drive\etc\hosts.

OK, let's try a slightly different approach shall we...

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Host File Replace:

  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • Check to see if top button on left hand side says Make Writable?
    • If it does, click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...Click on Scan Now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Eset Log.

  • 0
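The two hosts-file steps above (OTL's [ResetHosts] command and HostsXpert's Restore MS Hosts File) replace the file without showing what was in it. As an added example, not part of the original posts and not code from OTL or HostsXpert, this Python script audits a copy of the hosts file first; the watchlist and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Domains whose presence in a hosts file deserves a look. This watchlist is an
# assumption made for the example; extend it for your own environment.
WATCHED_SUFFIXES = ("windowsupdate.com", "microsoft.com", "eset.com",
                    "malwarebytes.org", "kaspersky.com")
DEFAULT_NAMES = {"localhost"}

# Constructed sample input, not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # block-list style entry
127.0.0.1       www.update.microsoft.com download.windowsupdate.com
203.0.113.7     Login.Example.com
not-an-ip       broken.example.org
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, raw.strip()  # malformed line: report it as-is
            continue
        for name in fields[1:]:               # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, verdict, detail) findings in file order."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name))
        elif name in DEFAULT_NAMES and ip.is_loopback:
            continue                          # stock localhost entries
        elif ip.is_loopback or ip.is_unspecified:
            # Block lists such as the MVPs file sink ad hosts this way; sinking
            # an update or anti-malware host is what breaks updates and scans.
            if is_watched(name):
                findings.append((line_no, "blocked", name))
        else:
            findings.append((line_no, "redirect", f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a path to a copied hosts file, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```

Entries sunk to 127.0.0.1 or 0.0.0.0 are reported only when they hit the watchlist, so a block list installed on purpose does not flood the output.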

#53
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
Hi very late here.

All processes killed
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: FLIPP
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FLIPP
->Temp folder emptied: 176963 bytes
->Temporary Internet Files folder emptied: 3538204 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 26112 bytes

Total Files Cleaned = 4.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.5 log created on 09012011_022207

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF70A2.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF70AF.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF710D.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF711A.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7145.tmp not found!
File\Folder C:\Users\FLIPP\AppData\Local\Temp\~DF7152.tmp not found!
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GPDK6033\ads[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GPDK6033\ads[3].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GPDK6033\ads[4].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GPDK6033\page__st__45[1].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGO7N5AE\ads[2].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AGO7N5AE\ads[3].htm moved successfully.
C:\Users\FLIPP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

Wayne
  • 0

#54
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
On HostsXpert.exe it could not connect to the web site. As we know that's one of the problems I am having with some programs.

Wayne
  • 0

#55
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
With the ESET Online Scanner: it says can not get proxy or something.

Tried it again with firewall off, and it now says: unexpected error, another instance is running. Will try this again in sever minutes.

It did not ask for any Add-On/Active X to install.

Wayne

Edited by waynegr, 01 September 2011 - 01:25 PM.

  • 0



#56
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
It's still saying is proxy configured.

Wayne
  • 0

#57
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

OK leave both the online scan with Eset and HostsXpert for now and we will try something else...

Do you have access to another machine/have a USB type drive so we could download and transfer something to your machine if the need arises?

Next:

Carry out the below please and attach the requested logs...

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#58
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
Yes I can get someone's laptop.

The scan is running, its says 7 hours left, will have to let it run all night, thx again.

Wayne
  • 0

#59
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
OK and you're welcome! :)
  • 0

#60
waynegr

waynegr

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 194 posts
It found nothing, thus don't see any reports.

Did save the full scan report, but that tries to open with internet explorer, but does not open, as of this problem, and tried to open with notebook, but it still would not.

Wayne
  • 0





