I seem to have corrected a great many issues but still cannot get access to some online games.
Please advise.
OTL logfile created on: 21/06/2013 7:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\John Richardson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.81% Memory free
7.96 Gb Paging File | 7.11 Gb Available in Paging File | 89.34% Paging File free
Paging file location(s): C:\pagefile.sys 4989 7500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 59.50 Gb Free Space | 20.19% Space Free | Partition Type: NTFS
Drive D: | 630.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: PARENT | User Name: John Richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/21 19:26:12 | 006,065,712 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe
PRC - [2013/06/21 19:18:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
PRC - [2013/06/19 18:49:19 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/21 00:10:12 | 003,560,832 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2013/03/20 18:52:54 | 019,258,488 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\Blizzard Launcher.exe
PRC - [2012/12/29 13:54:24 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/11/23 04:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2001/10/15 04:42:45 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/21 18:06:32 | 002,089,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13062103\algo.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/16 03:17:35 | 000,974,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b24d7c1afb003e95c6f5d924c56b930c\System.Configuration.ni.dll
MOD - [2013/05/16 03:15:51 | 012,536,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fd283696d695cab0aca331cb9cbbcacd\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:11:49 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/03/20 18:52:53 | 010,837,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\QtWebKit4.dll
MOD - [2013/03/20 18:52:53 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\QtXml4.dll
MOD - [2013/03/20 18:52:52 | 008,173,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\QtGui4.dll
MOD - [2013/03/20 18:52:52 | 002,293,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\QtCore4.dll
MOD - [2013/03/20 18:52:52 | 000,970,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\QtNetwork4.dll
MOD - [2013/03/20 18:52:52 | 000,285,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\imageformats\qtiff4.dll
MOD - [2013/03/20 18:52:52 | 000,266,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\phonon4.dll
MOD - [2013/03/20 18:52:52 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\imageformats\qmng4.dll
MOD - [2013/03/20 18:52:52 | 000,196,608 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\imageformats\qjpeg4.dll
MOD - [2013/03/20 18:52:52 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\imageformats\qico4.dll
MOD - [2013/03/20 18:52:52 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Battle.net\Client\Blizzard Launcher.1974\imageformats\qgif4.dll
MOD - [2013/02/14 04:12:16 | 011,892,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e40fa0e028ce1e45dea4270399281a4a\System.Web.ni.dll
MOD - [2013/02/14 04:11:09 | 001,712,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c784b72df85e3b35b4f8a4054a2e43e1\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/09 09:06:42 | 008,397,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\898552cef448b07502cc2c9e9763c07a\System.ni.dll
MOD - [2013/01/09 09:06:37 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 08:59:40 | 001,660,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\14c7539697f628595ed92cd51149db78\System.Drawing.ni.dll
MOD - [2013/01/09 08:59:33 | 005,764,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f2e0f6dacd8c58ef0e1bb788ca4347ee\System.Xml.ni.dll
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2006/11/05 11:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2013/06/19 18:49:19 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/11 20:59:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/06 19:28:00 | 003,980,648 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (Beep)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOHNRI~1\LOCALS~1\Temp\aaudstum.sys -- (aaudstum)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/12/29 16:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/11/16 17:04:28 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/09/04 01:54:46 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2012/05/14 02:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/28 21:52:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080221
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{4352F279-82F3-4FF2-8C18-74793B4E329F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{4889824E-79B2-4D6E-8092-DCD218F66D7A}: "URL" = http://search.zoneal...Id=&ver=&&r=687
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{90D74DB8-5709-4054-911E-52EC8A817CAA}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\SearchScopes\{EDAD97F0-437A-4A6D-820C-6622DF6576FB}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObitBar.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\John Richardson\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\John Richardson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/25 09:38:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/29 13:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/16 07:27:14 | 000,000,000 | ---D | M]
[2012/05/23 22:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Extensions
[2013/05/24 07:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions
[2013/05/24 07:03:45 | 000,269,448 | ---- | M] () (No name found) -- C:\Documents and Settings\John Richardson\Application Data\Mozilla\Firefox\Profiles\zy5758f9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/04/13 08:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/25 09:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/25 09:53:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/25 09:38:04 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/22 12:22:09 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
========== Chrome ==========
O1 HOSTS File: ([2013/06/17 00:43:09 | 000,448,635 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15430 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\John Richardson\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: microsoft.com ([windowsupdate] http in Local intranet)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: worldoftanks.com ([]http in Local intranet)
O15 - HKU\S-1-5-21-879840139-2802958703-907680667-1005\..Trusted Domains: worldoftanks.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1348353807734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1333671003155 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD334E44-7F06-497C-A727-0B7C2627C830}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 - No CLSID value found
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/28 17:50:06 | 000,000,063 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (aswBoot.exe /A:* /A:C: /A:*STARTUP-SHORT /A:*STARTUP /L:1033 /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /dir:C:\Program)
O34 - HKLM BootExecute: (a)
O34 - HKLM BootExecute: (:1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-879840139-2802958703-907680667-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/21 19:18:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/06/21 19:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013/06/21 19:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013/06/21 18:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/06/21 18:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/06/21 18:58:49 | 000,000,000 | ---D | C] -- C:\AMD
[2013/06/21 18:40:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John Richardson\Recent
[2013/06/20 20:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/19 19:10:26 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/06/19 18:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/19 18:34:28 | 000,792,704 | ---- | C] (AMD) -- C:\Documents and Settings\John Richardson\Desktop\amddriverdownloader(1).exe
[2013/06/14 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/06/12 20:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/06/12 20:36:21 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/05/25 13:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Richardson\Start Menu\Programs\Neverwinter
[2013/05/25 09:38:13 | 000,021,576 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/21 19:18:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Richardson\Desktop\OTL.exe
[2013/06/21 19:16:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\SpeedFan.lnk
[2013/06/21 19:16:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/06/21 19:06:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/06/21 19:04:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/21 19:04:44 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/21 19:03:59 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/06/21 19:03:48 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/21 19:03:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/06/21 19:03:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/21 19:03:30 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/21 19:03:30 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/21 18:59:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/21 18:59:02 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 18:43:41 | 000,008,992 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/21 18:29:36 | 000,000,396 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/06/20 20:48:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2013/06/19 23:05:12 | 000,000,918 | ---- | M] () -- C:\WINDOWS\DCEBOOT.RST
[2013/06/19 23:03:49 | 000,022,064 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2013/06/19 22:30:10 | 000,694,203 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2013/06/19 22:29:35 | 000,236,975 | ---- | M] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2013/06/19 18:34:30 | 000,792,704 | ---- | M] (AMD) -- C:\Documents and Settings\John Richardson\Desktop\amddriverdownloader(1).exe
[2013/06/19 07:16:52 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/06/17 00:43:38 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2013/06/17 00:43:09 | 000,448,635 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/14 18:37:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/14 18:36:20 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/12 20:39:20 | 000,447,019 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130617-004309.backup
[2013/06/12 20:37:47 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/06/12 20:36:40 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/06/12 20:27:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/06/12 07:20:00 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130612-203920.backup
[2013/06/11 02:03:03 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/06/08 22:51:54 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\adwcleaner.exe
[2013/06/05 07:24:32 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130612-072000.backup
[2013/06/05 07:22:58 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130605-072432.backup
[2013/06/05 07:21:38 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130605-072258.backup
[2013/06/05 07:19:16 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130605-072138.backup
[2013/06/04 07:50:42 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130605-071916.backup
[2013/05/29 07:19:36 | 000,446,422 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130604-075042.backup
[2013/05/25 13:24:58 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\John Richardson\Desktop\Neverwinter.lnk
[2013/05/25 09:53:12 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\John Richardson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/05/25 09:53:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/21 19:00:02 | 000,246,000 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2013/06/21 18:51:01 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/19 23:05:12 | 000,000,918 | ---- | C] () -- C:\WINDOWS\DCEBOOT.RST
[2013/06/19 23:03:39 | 000,022,064 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2013/06/14 18:36:20 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/06/12 20:37:42 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/06/12 20:37:41 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/06/12 20:37:39 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/06/12 20:36:41 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/06/12 20:36:40 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/06/08 22:51:51 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\adwcleaner.exe
[2013/05/25 13:24:58 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\John Richardson\Desktop\Neverwinter.lnk
[2013/03/21 00:10:18 | 000,042,880 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2013/03/18 16:50:00 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/18 16:50:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/14 04:32:34 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-879840139-2802958703-907680667-1005-0.dat
[2013/01/21 18:55:29 | 000,000,396 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/01/12 09:23:46 | 000,201,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/09 22:31:15 | 000,124,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/04 20:29:31 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.rhk
[2012/12/24 16:46:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/06/03 11:44:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/25 19:04:09 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\John Richardson\NTUSER.bak
[2012/05/23 22:26:32 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\dt.dat
[2012/04/09 18:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/26 01:00:10 | 000,694,203 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\census.cache
[2011/10/26 00:59:53 | 000,236,975 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\ars.cache
[2011/10/25 23:25:51 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\housecall.guid.cache
[2011/03/13 11:38:17 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\John Richardson\test
[2008/04/26 12:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Richardson\Application Data\wklnhst.dat
[2008/03/06 23:08:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/25 20:02:55 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\John Richardson\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/09/19 20:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2012/05/24 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\wargaming.net
[2013/01/04 20:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wise Registry Cleaner
[2012/10/16 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/21 19:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2013/02/23 18:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/05/23 21:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/07 00:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2011/06/05 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/10/29 19:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/01/04 19:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2012/02/10 08:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/04/11 18:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/05/24 21:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/05 18:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/09/18 20:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/04/03 18:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/12/29 13:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/04/05 07:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/05 17:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IObit
[2008/12/27 18:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Acreon
[2012/05/26 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG
[2012/05/23 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\AVG2012
[2012/11/03 20:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Bioshock
[2011/05/30 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\BugTrap Console Test108
[2008/03/01 15:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Canon
[2013/06/08 22:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\CheckPoint
[2012/12/24 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Cobra Mobile
[2012/06/03 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations
[2010/03/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\FOG Downloader
[2011/08/20 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IGG
[2012/10/06 12:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\IObit
[2011/03/27 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Itibiti
[2011/07/16 20:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Kalypso Media
[2012/04/05 07:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PCDr
[2012/06/03 13:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\PingPlotter
[2012/12/19 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\raidcall
[2011/03/27 13:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RegistryKeys
[2012/12/29 13:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\RoboForm
[2013/04/19 19:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment
[2008/04/26 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Template
[2011/07/07 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Unity
[2011/05/03 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\wargaming.net
[2012/06/02 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Richardson\Application Data\Wise Registry Cleaner
[2009/02/15 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Canon
[2012/04/04 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\IObit
[2008/05/05 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristi Richardson\Application Data\Template
[2009/12/11 11:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\XPSViewer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\SxsCaPendDel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8updates:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie8:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB942288-v3$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2839229$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2829361$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2820197$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2761226$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2757638$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2756822$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2753842-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2736233$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2731847$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2727528$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2724197$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2723135$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2719985$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718704$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2718523$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2709162$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2698365$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2685939$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2661254-v2$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB2655992$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WAR2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\World of Warcraft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Ubisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SpeedFan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Siber Systems:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Reference Assemblies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Railroad Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\QuickTax 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\PingPlotter Standard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Origin Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSECache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\MSBuild:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Maintenance Service:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Mozilla Firefox:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Microsoft.NET:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Firaxis Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\FileHippo.com:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\File Type Assistant:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\ESET:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\EA SPORTS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\Intuit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Common Files\AnswerWorks 4.0:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\ATI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\ATI Technologies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\ie-spyad_zo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Download:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.010\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.009\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.008\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.007\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.006\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.005\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.004\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.003\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.002\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.001\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\TEMP.PARENT.000\Application Data\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\SACore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\McAfee:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\LocalService\Application Data\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\IObit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kristi Richardson\Application Data\Canon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\SpeedFan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\RaidCall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Neverwinter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\FreeApps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Start Menu\Programs\Administrative Tools:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\PrivacIE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\SH3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\ProcAlyzer Dumps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\My Avast EasyPass Data:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\KOEI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\My Documents\democracy2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Temp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\PCHealth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Electronic Arts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Dell:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Blizzard Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\IECompatCache:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\ZonedOut:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Runes_of_Magic_2.1.6.2049:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\New Hampshire Trip 2011:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Sony Online Entertainment:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\RegistryKeys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\raidcall:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\PingPlotter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Itibiti:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\FOG Downloader:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Downloaded Installations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\CheckPoint:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John Richardson\Application Data\Acreon:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Default User\Application Data\Macromedia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Railroad Tycoon 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\NetmarbleGlobal:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Firaxis Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\DivX:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Start Menu\Programs\avast! EasyPass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Desktop\CC Support:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\RoboForm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Origin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\NOS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Mozilla:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\MFAData:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Licenses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Intuit Canada:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\FreeApp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Common Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\CheckPoint:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Blizzard:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Application Data\Battle.net:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Config.Msi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\b90c13be94acef04c636:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\AMD:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 21/06/2013 7:28:06 PM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"58199:TCP" = 58199:TCP:*:Enabled:Pando Media Booster
"58199:UDP" = 58199:UDP:*:Enabled:Pando Media Booster
"59153:TCP" = 59153:TCP:*:Enabled:Pando Media Booster
"59153:UDP" = 59153:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58199:TCP" = 58199:TCP:*:Enabled:Pando Media Booster
"58199:UDP" = 58199:UDP:*:Enabled:Pando Media Booster
"59153:TCP" = 59153:TCP:*:Enabled:Pando Media Booster
"59153:UDP" = 59153:UDP:*:Enabled:Pando Media Booster
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\EA SPORTS\Madden NFL 07\Updater.exe" = C:\Program Files\EA SPORTS\Madden NFL 07\Updater.exe:*:Enabled:Updater
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\amd driver updater, xp, 32 bit\Setup.exe" = C:\Program Files\Steam\SteamApps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit -- (Advanced Micro Devices, Inc.)
"C:\NetmarbleGlobal\MarbleStation\nmgDownloader\nmgDownload.exe" = C:\NetmarbleGlobal\MarbleStation\nmgDownloader\nmgDownload.exe:*:Enabled:nmgDownLoad -- ()
"C:\Program Files\Steam\SteamApps\common\FEAR2\FEAR2.exe" = C:\Program Files\Steam\SteamApps\common\FEAR2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\John Richardson\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Program Files\Diablo III\Diablo III.exe" = C:\Program Files\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"C:\Program Files\Steam\SteamApps\common\king's bounty - the legend\kb.exe" = C:\Program Files\Steam\SteamApps\common\king's bounty - the legend\kb.exe:*:Enabled:King's Bounty: The Legend -- ()
"C:\Program Files\Steam\SteamApps\common\king's bounty - the legend\save_fixer.exe" = C:\Program Files\Steam\SteamApps\common\king's bounty - the legend\save_fixer.exe:*:Enabled:King's Bounty: The Legend -- ()
"C:\Program Files\Steam\SteamApps\common\kings bounty armored princess\kb.exe" = C:\Program Files\Steam\SteamApps\common\kings bounty armored princess\kb.exe:*:Enabled:King's Bounty: Armored Princess -- ()
"C:\Program Files\Steam\SteamApps\common\kings bounty crossworlds\kb.exe" = C:\Program Files\Steam\SteamApps\common\kings bounty crossworlds\kb.exe:*:Enabled:King's Bounty: Crossworlds -- ()
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Program Files\Steam\SteamApps\common\dungeon siege iii\Dungeon Siege III.exe" = C:\Program Files\Steam\SteamApps\common\dungeon siege iii\Dungeon Siege III.exe:*:Enabled:Dungeon Siege III -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Steam\SteamApps\common\Carrier Command Gaea Mission demo\carrier_demo.exe" = C:\Program Files\Steam\SteamApps\common\Carrier Command Gaea Mission demo\carrier_demo.exe:*:Enabled:Carrier Command: Gaea Mission Demo -- (Bohemia Interactive)
"C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe" = C:\Documents and Settings\John Richardson\Local Settings\Apps\2.0\RCMH2E3C.XKX\N6C0O9YD.PBO\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe" = C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe:*:Enabled:Mafia II -- (2K Czech)
"C:\Games\World_of_Tanks\WorldOfTanks.exe" = C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks -- (Wargaming.net)
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe" = C:\Program Files\Cryptic Studios\Star Trek Online\Live\GameClient.exe:*:Enabled:GameClient -- ()
"C:\Program Files\File Type Assistant\TSAssist.exe" = C:\Program Files\File Type Assistant\TSAssist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"C:\Program Files\Wing Commander Saga Prologue\wcsaga.exe" = C:\Program Files\Wing Commander Saga Prologue\wcsaga.exe:*:Enabled:FreeSpace -- (Volition Inc.)
"C:\Program Files\Cryptic Studios\Neverwinter\Live\GameClient.exe" = C:\Program Files\Cryptic Studios\Neverwinter\Live\GameClient.exe:*:Enabled:GameClient -- ()
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0483D29D-A3B6-178F-6ED1-46EFBB780317}" = Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10721C8A-8288-98DC-5322-6561C1FBCEFD}" = CCC Help Chinese Standard
"{12270803-2287-60C7-F010-73A35969FA9D}" = ccc-utility
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{1E71BCE7-5A58-BC8A-791F-7505851E0F77}" = CCC Help Finnish
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E2E3707-873D-69AE-F7CD-ABDF2A8ADC7C}" = CCC Help Japanese
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DDE5D5A-E667-349B-3D67-EC46F4559CA2}" = CCC Help Thai
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4250CCCA-E916-2A8D-1728-0059007732A9}" = CCC Help Russian
"{428D44EE-A9C7-8FB7-7825-07D95B147541}" = CCC Help Spanish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4DAE1F80-ECD3-3F50-2D03-3061061DBCA5}" = CCC Help Korean
"{4FBC7CC9-BF92-6E6C-09EA-AEA5F6A0D4AF}" = CCC Help Czech
"{4FDC50F6-1FA2-D82D-5FF7-AF014AF3DA55}" = CCC Help English
"{5375EB06-E8E0-B2E8-E1B5-4EDC5D0A0DC0}" = CCC Help Swedish
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{677E934A-07CD-AA1A-2D16-BE2FA04F2955}" = CCC Help English
"{67D9647A-6211-0EE0-38C1-20696FC45BA7}" = CCC Help Norwegian
"{6895B14D-FE34-502A-CF35-4BD7573F65B4}" = Catalyst Control Center InstallProxy
"{68F134EB-52E5-45CB-93D3-CE2A341004D0}" = Microsoft Project 2010 SDK [EN-US]
"{69E8BEA4-6E98-68CA-8C1A-8448DB9F4AD6}" = CCC Help Turkish
"{6A993CF8-9F86-59D0-89CD-C720B4C53086}" = CCC Help Italian
"{6ACE51D9-0C91-FF14-93B7-235D6E8BD4DC}" = CCC Help Hungarian
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E6C16AE-58EC-F03C-1E22-C13AF3824808}" = CCC Help Portuguese
"{836F070A-0E66-4597-5129-4EA44F54576F}" = CCC Help Danish
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8921E7CF-F47B-781E-E7AA-653E2AB2FD5B}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate II - Shadows of Amn
"{91E9B920-0BA0-8020-496A-622AF456337F}" = AMD Catalyst Install Manager
"{93F6FB3E-5134-B63B-0771-D5B928EA4AD9}" = Catalyst Control Center Localization All
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9534FAC9-E04C-4B5A-871C-A52A783986DB}" = Netmarble Launcher
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD43D69-2E42-0526-D65B-6C6B8FA6A2F6}" = Catalyst Control Center Graphics Previews Common
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A477AB54-7C38-A981-9820-551B8A8E216C}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9308032-8E26-12DC-8D1C-52DB78753660}" = CCC Help Chinese Traditional
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B737CA01-BC17-6F51-FEDD-84FDCA78B13B}" = ccc-utility
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BC538EFE-A1CF-40A5-A6FE-36DDE76FA9E0}" = PingPlotter Standard 3.40.1s
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D98C9637-93DA-44DB-B73A-B11A1192AB26}" = GameShadow
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E48F2277-3BA3-A179-F0B5-37DE6BD9390B}" = CCC Help Polish
"{EA5D6A8A-56FD-3732-AECF-5A4876A0B93A}" = CCC Help Greek
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F4521DC3-AED8-AEB6-9823-B90FB5AAF4B6}" = CCC Help Dutch
"{FA03C438-AA0B-409C-B90D-93C3CEB42859}" = Wing Commander Saga Prologue
"{FCC1A1DB-F3BC-3CAF-FCB1-B191167BAEA4}" = CCC Help French
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = avast! EasyPass
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Blueline_is1" = Blueline 1.1.1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Download Manager" = Download Manager 2.3.6
"DPP" = Canon Utilities Digital Photo Professional 3.0
"DungeonSiege2" = Dungeon Siege 2
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"hp deskjet 656c series" = hp deskjet 656c series (Remove only)
"hp deskjet 656c series_Driver" = hp deskjet 656c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neverwinter" = Neverwinter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODSK" = Canon Utilities Original Data Security Tools
"OpenAL" = OpenAL
"Origin" = Origin
"PC-Doctor for Windows" = Dell Support Center
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"Protected Folder_is1" = Protected Folder
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"Sexy Lingerie Catalog_is1" = Electronic Database v. 2.0
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Smart Defrag_is1" = Smart Defrag
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 222700" = Carrier Command: Gaea Mission Demo
"Steam App 25900" = King's Bounty: The Legend
"Steam App 3170" = King's Bounty: Armored Princess
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 39160" = Dungeon Siege III
"Steam App 50130" = Mafia II
"Steam App 63910" = King's Bounty: Crossworlds
"Steam App 8930" = Sid Meier's Civilization V
"Trusted Software Assistant_is1" = File Type Assistant
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.63
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-879840139-2802958703-907680667-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"NetAssistant" = NetAssistant for Firefox
"soe-PlanetSide 2" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14/02/2013 4:03:21 AM | Computer Name = PARENT | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET_2.0.50727
(ASP.NET_2.0.50727) failed. The Error code is the first DWORD in Data section.
Error - 14/02/2013 4:03:23 AM | Computer Name = PARENT | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 17766, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.
Error - 19/03/2013 5:27:09 PM | Computer Name = PARENT | Source = WmiAdapter | ID = 4099
Description = Open of service failed.
Error - 06/04/2013 2:40:20 PM | Computer Name = PARENT | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: PARENT\John Richardson Checkpoint ID: 1 Error Code: 0x80070005
Error
description: Access is denied.
Error - 06/04/2013 2:40:20 PM | Computer Name = PARENT | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: PARENT\John Richardson Checkpoint ID: 1 Error Code: 0x8000ffff
Error
description: Catastrophic failure
Error - 16/05/2013 3:32:17 AM | Computer Name = PARENT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 12/06/2013 1:52:18 AM | Computer Name = PARENT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.
Error - 19/06/2013 7:06:17 PM | Computer Name = PARENT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.
Error - 20/06/2013 7:24:20 AM | Computer Name = PARENT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.
Error - 20/06/2013 7:34:41 AM | Computer Name = PARENT | Source = Microsoft Fax | ID = 32045
Description = Fax Service failed to initialize because it could not initialize the
TAPI devices. Verify that the fax modem was installed and configured correctly. Win32
error code: -2147483576. This error code indicates the cause of the error.
[ System Events ]
Error - 21/06/2013 6:43:44 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 21/06/2013 6:52:09 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126
Error - 21/06/2013 6:52:09 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.
Error - 21/06/2013 6:52:09 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053
Error - 21/06/2013 6:52:09 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
to start due to the following error: %%2
Error - 21/06/2013 7:04:41 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126
Error - 21/06/2013 7:04:41 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.
Error - 21/06/2013 7:04:41 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053
Error - 21/06/2013 7:04:41 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
to start due to the following error: %%2
Error - 21/06/2013 7:04:41 PM | Computer Name = PARENT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
< End of report >
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28\60f210dc-48ba4a71 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\4\4316fb04-6e958830 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\3c2de5ed-636855c9 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5\72912385-55341822 Java/Exploit.Agent.NQR trojan cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\My Documents\Downloads\FreeFileViewer2011Setup.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\My Documents\Downloads\gamebooster(2).exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\John Richardson\My Documents\Downloads\prologue_setup.exe.exe a variant of Win32/DownloadSponsor.A application cleaned by deleting - quarantined
C:\Documents and Settings\Kristi Richardson\Desktop\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined
C:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-879840139-2802958703-907680667-1005\Dc9.exe a variant of Win32/ELEX application cleaned by deleting - quarantined