BloockUTubeAd 3.2 removal


  • This topic is locked
6 replies to this topic

#1 fromage12345


Posted 13 March 2014 - 01:02 PM

I have this and Conduit search somehow installed on my computer. I've deleted the file for the BloockUTubeAd from the control panel but I cannot do it for Conduit - it says I do not have administration rights. However, the BloockUTubeAd is still listed as installed on Chrome and ads keep appearing on my webpages, so it has not been removed from Chrome at least. I've tried searching how to get rid of this adware but the methods used either don't work or they use an adware removing program which requires purchase to clean the files, and my installed anti-virus software can't detect this adware.

 

Is there a way for me to remove these programs without the purchase of software or doing it manually? 




 


#2 Jo*


  • Malware Response Team

Posted 13 March 2014 - 01:30 PM


Hello fromage12345,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 fromage12345


Posted 13 March 2014 - 01:57 PM

 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Virgin Media Security           
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#4 fromage12345


Posted 13 March 2014 - 02:15 PM

OTL logfile created on: 13/03/2014 18:58:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*USER*\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.69 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 80.41% Memory free

15.39 Gb Paging File | 13.84 Gb Available in Paging File | 89.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 924.86 Gb Total Space | 797.05 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

 

Computer Name: ZOOSTROM | User Name: *USER* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\*USER*\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

PRC - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe (Sony Computer Entertainment Inc.)

PRC - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RpsSecurityAwareR.exe (Virgin Media)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()

MOD - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (f1f78e38) -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Radialpoint Security Services) -- C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RpsSecurityAwareR.exe (Virgin Media)

SRV - (ServicepointService) -- C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)

DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (AMDCIR64) -- C:\Windows\SysNative\drivers\AMDCIR64.sys (Advanced Micro Devices)

DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)

DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)

DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)

DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)

DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)

DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)

DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)

DRV:64bit: - (ioatdma) -- C:\Windows\SysNative\drivers\ioatdma.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easylifeapp.com/?q={searchTerms}&pid=887&src=ie2&r=2013/08/25&hid=917684503&lg=EN&cc=GB

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easylifeapp.com/?q={searchTerms}&pid=887&src=ie2&r=2013/08/25&hid=917684503&lg=EN&cc=GB

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKCU\..\SearchScopes\{67682131-3C43-4A5B-A371-7ADFA410688F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=8E63051A-0E99-4472-9D71-8D9996C3DBDD&apn_sauid=4E80BCB5-B50C-4B9C-A0F1-53A15A641119

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\\Program Files\\Trend Micro\\Titanium\\UIFramework\\Toolbar\\firefoxextension\\components\\npToolbarChrome.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\*USER*\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*USER*\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension\ [2012/10/20 14:56:23 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (saafee saeve) - {070320E9-B282-2AF6-64CC-9832C8499BF6} - C:\ProgramData\saafee saeve\521a2076b37e8.dll ()

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe ()

O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [Virgin Media Security] C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RPS.exe (Virgin Media)

O4 - HKCU..\Run: [NextLive] C:\Users\*USER*\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)

O4 - HKCU..\Run: [SearchProtect] C:\Users\*USER*\AppData\Roaming\SearchProtect\bin\cltmng.exe ()

O4 - HKCU..\Run: [Voobly]  File not found

O4 - Startup: C:\Users\*USER*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*USER*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1253CA0F-3D8E-4417-9B96-2C7DD9BDB661}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()

O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014/03/13 17:06:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/13 17:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/03/13 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2014/03/13 17:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2014/03/13 16:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewwSaver

[2014/03/13 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\*USER*\AppData\Roaming\Malwarebytes

[2014/03/13 16:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/03/13 16:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BloockUTubeAd

[2014/03/12 12:51:46 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll

[2014/03/12 12:51:46 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll

[2014/03/12 12:51:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2014/03/12 12:51:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2014/03/12 12:51:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

[2014/03/12 12:51:43 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2014/03/12 12:51:43 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2014/03/12 12:51:43 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2014/03/12 12:51:43 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2014/03/12 12:51:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2014/03/12 12:51:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2014/03/12 12:51:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2014/03/12 12:51:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2014/03/12 12:51:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2014/03/12 12:51:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2014/03/12 12:51:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2014/03/12 12:51:41 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2014/03/12 12:51:41 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2014/03/12 12:51:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2014/03/12 12:51:41 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2014/03/12 12:51:40 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2014/03/12 12:51:40 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2014/03/12 12:51:40 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2014/03/12 12:51:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2014/03/12 12:51:39 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2014/03/12 12:51:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2014/03/12 12:51:28 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll

[2014/03/12 12:51:28 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll

[2014/03/12 12:51:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll

[2014/02/27 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\*USER*\AppData\Local\Packages

[2014/02/27 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NewwSaver

[2014/02/12 17:54:17 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2014/02/12 12:56:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll

[2014/02/12 12:56:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll

[2014/02/12 12:56:26 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_isv.exe

[2014/02/12 12:56:26 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate.exe

[2014/02/12 12:56:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_isv.exe

[2014/02/12 12:56:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate.exe

[2014/02/12 12:56:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp_isv.exe

[2014/02/12 12:56:24 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp.exe

[2014/02/12 12:56:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp_isv.exe

[2014/02/12 12:56:24 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp.exe

[2014/02/12 12:56:23 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll

[2014/02/12 12:56:23 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc.dll

[2014/02/12 12:56:23 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_isv.dll

[2014/02/12 12:56:23 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_isv.dll

[2014/02/12 12:56:22 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc.dll

[2014/02/12 12:56:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp_isv.dll

[2014/02/12 12:56:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp.dll

[2014/02/12 12:56:22 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp_isv.dll

[2014/02/12 12:56:22 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp.dll

[2014/02/12 12:56:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll

[2014/02/12 12:56:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/13 18:50:12 | 000,000,024 | ---- | M] () -- C:\Users\*USER*\random.dat

[2014/03/13 18:50:09 | 000,000,024 | ---- | M] () -- C:\Users\*USER*\jagexappletviewer.preferences

[2014/03/13 18:28:17 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/13 18:28:17 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/13 18:24:31 | 000,000,051 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE.dat

[2014/03/13 18:21:12 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/03/13 18:21:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014/03/13 18:20:56 | 1901,383,679 | -HS- | M] () -- C:\hiberfil.sys

[2014/03/13 18:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2014/03/13 17:20:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/03/13 17:06:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2014/03/13 16:35:15 | 000,409,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014/03/12 07:15:35 | 000,811,442 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014/03/12 07:15:35 | 000,686,832 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014/03/12 07:15:35 | 000,134,106 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014/03/08 17:05:59 | 000,000,056 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE_BETA.dat

[2014/03/08 10:49:03 | 000,000,052 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE1.dat

[2014/03/01 05:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

[2014/03/01 04:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2014/03/01 04:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2014/03/01 04:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2014/03/01 04:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2014/03/01 04:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2014/03/01 04:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2014/03/01 04:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2014/03/01 04:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2014/03/01 04:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2014/03/01 04:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2014/03/01 03:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2014/03/01 03:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2014/03/01 03:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2014/03/01 03:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2014/03/01 03:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2014/03/01 03:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2014/03/01 03:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2014/03/01 03:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2014/03/01 03:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2014/03/01 03:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2014/03/01 03:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2014/03/01 02:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2014/03/01 02:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2014/02/12 17:55:27 | 000,795,308 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/13 17:06:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2014/01/31 06:59:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/12/24 15:22:49 | 000,351,124 | ---- | C] () -- C:\Users\*USER*\AppData\Local\mysearchdial-speeddial.crx

[2013/12/22 11:13:48 | 000,000,024 | ---- | C] () -- C:\Users\*USER*\jagexappletviewer.preferences

[2013/09/08 13:39:00 | 000,054,712 | ---- | C] () -- C:\Users\*USER*\runescape 12month membership.pdf

[2013/03/18 17:11:02 | 000,000,053 | ---- | C] () -- C:\Users\*USER*\jagex_cl_speccollect_LIVE.dat

[2013/03/15 17:15:10 | 000,077,630 | ---- | C] () -- C:\Users\*USER*\RuneScape - MMORPG - The No.pdf

[2013/02/23 17:58:28 | 000,000,051 | ---- | C] () -- C:\Users\*USER*\jagex_cl_oldschool_LIVE.dat

[2012/12/01 14:52:59 | 000,000,100 | ---- | C] () -- C:\Users\*USER*\AppData\Local\fusioncache.dat

[2012/10/28 07:52:39 | 000,000,052 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE1.dat

[2012/10/26 09:10:34 | 000,000,053 | ---- | C] () -- C:\Users\*USER*\jagex_cl_loginapplet_LIVE.dat

[2012/10/21 15:13:54 | 000,000,056 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE_BETA.dat

[2012/10/20 15:05:22 | 000,000,051 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE.dat

[2012/10/20 15:05:22 | 000,000,024 | ---- | C] () -- C:\Users\*USER*\random.dat

[2012/05/29 11:56:15 | 000,795,308 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/05/28 14:05:07 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/05/28 14:04:59 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/05/28 14:04:51 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/05/28 14:04:48 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2012/05/28 14:04:42 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2014/01/24 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Blackboard

[2014/03/13 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Dropbox

[2014/03/13 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\newnext.me

[2014/03/12 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Radialpoint

[2013/01/07 08:06:19 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Research In Motion

[2013/08/21 10:32:05 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\SearchProtect

[2013/12/24 15:27:37 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Systweak

[2013/11/21 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Unity

[2012/10/20 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Virgin Media

[2013/09/07 07:32:28 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Windows Live Writer

[2012/10/20 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\{{userdatapath.company}}

 

========== Purity Check ==========

 

 

 

< End of report >

OTL Extras logfile created on: 13/03/2014 18:58:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*USER*\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.69 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 80.41% Memory free

15.39 Gb Paging File | 13.84 Gb Available in Paging File | 89.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 924.86 Gb Total Space | 797.05 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

 

Computer Name: ZOOSTROM | User Name: *USER* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BE0AF7-544F-43C4-BC7A-0A0E9662AE52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{06C45C34-B35C-4BDB-B798-828442486923}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{07ED69C5-204E-4035-BC02-EB1A193D2EC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0BAFC00A-4433-4801-A317-94B215427703}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{0F1EA82E-F4D7-4F32-BC9D-B93D40DEE46D}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{171CEB45-D342-491E-9115-7FA33A120E91}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1C330C86-D694-4674-B105-0878C69B3507}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{1E15ED75-A2F1-402C-9E34-02F107083CC2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{343D9537-A52C-4B78-BC24-EBAFB2EBE3BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{3ACCE657-A0A4-4ACD-BB03-03161D473970}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{43E6F9D1-318B-410D-A74A-7D747317E6C6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{472BFEC0-8390-4411-A22C-FEA5A942691A}" = rport=138 | protocol=17 | dir=out | app=system | 

"{50AED5A4-52AB-4743-A0DA-14A0E252AC20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5F049BE6-9E3B-4CC3-9F54-E2DE2782F501}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{6BBF2669-68C0-444D-957E-3102E75719CF}" = lport=445 | protocol=6 | dir=in | app=system | 

"{6E51644C-44FA-48C4-A549-6CAD7572B761}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{7B0B34AF-F48F-459C-B24C-79297282F8DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7F936C21-1E51-46C0-8EC9-AFB007D9D385}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{81504FA4-4EA0-4D47-BB11-58DED13FB0D9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{89613CB9-50BC-49D2-A2AF-F6D5754141F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{AAF233D4-8DD1-46CF-B5F4-74F04F63066F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{B203C122-58A6-4773-B759-5D1B8DCB790A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B6B03887-E952-418C-A28B-00BC92D954E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BF108F06-A015-4938-AC75-F69C8F6709A4}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C3E8164A-BAF6-4D55-9F1D-E49562A22DC9}" = rport=445 | protocol=6 | dir=out | app=system | 

"{CBA1D417-842A-4158-983C-C965E77E5881}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D96AC0B1-8697-47B6-97B1-45D0D77DAF3C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D9EE7EDA-1DAE-46ED-BA16-36B584C1BC75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DB7CA444-1FEA-44C5-B183-3C57E971A39D}" = lport=138 | protocol=17 | dir=in | app=system | 

"{F181753E-5E2E-4AB9-AE80-702F4A89BB47}" = rport=137 | protocol=17 | dir=out | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{042EB7FA-BF51-4904-BF7B-0B4B58CB6398}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{0BCEF9AA-9653-4AD9-A8AA-7CB75C808AAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1C171066-D02C-45E5-AB6C-B9B731A88C30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{22F02513-1009-4C25-9E1A-735F66674F6A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{25C9264A-F9AB-44E3-88F0-8BB1F86A3353}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{288C7E55-5560-457E-B516-86EC8A666FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{294FFDEB-0B6D-4A95-B824-0C6EB7553ABA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2AE54D89-C03E-45E9-BE03-841E5A591727}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 

"{2BC1F300-89ED-45EF-908F-2682C9F009B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{2E7DD11D-4109-4ACC-A63F-22110F113DA5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{370EAD4D-70CF-4F9D-8BA2-EDCAC6618CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{3C4CDF14-1BE6-4D7C-9868-C381DC40D577}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{3C884D86-AD66-4A86-A3A6-8E98B81A8318}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{43FA1BB2-C70F-4D95-83D9-08C46FABE549}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{44B773CA-9236-4589-B49B-EAB3D182ECF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{4B17ACFF-81A3-4111-9365-153D590A930E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{4C8D36AF-90FC-48AA-B7EE-2CAA46E2CCC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{4D7492E5-25E5-4764-8563-32B22E9D7A4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{50FC0D65-31B7-415A-8731-B7FA01C21405}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{592EF296-FCA0-48A9-902D-C6DD4EA25587}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5FB33DB3-4C71-42A0-8D50-1BAA328581DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{61322CCF-085D-4109-B9DD-C543EAF26334}" = protocol=6 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"{6462E9EA-7F20-4BC2-B4EA-A4167CF8A321}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{6847C3BE-D79F-40A7-A4A9-2718BE0843D0}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 

"{696BF5A7-1456-4544-89BD-8E8A8D4155E1}" = protocol=6 | dir=out | app=system | 

"{6E6F6102-5858-41B8-BE45-68B6666841B2}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe | 

"{6FDF822C-FAA1-4F74-879B-67967396F81C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{70D1D9CE-E4BC-4198-A6DD-95CAC70F4A7B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{78A1E58F-61A1-4FB9-8B03-2F15F890C6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{78F5B60C-1149-4672-8AD8-7AB11AC160CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{7B0FDDB6-9F1A-401A-816E-F9526CF6B12C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{7C750CE4-F450-48D0-87C0-BBD63202157E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{7E286DF8-C226-4CE4-92AF-38E196AA8406}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{7E342840-97A8-459B-9753-01FA714B46B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{82877EE8-DE82-4628-8DAB-ADB2DE2CCCFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{8B335D68-4D73-496D-B3F7-87BAC5A86880}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{8E0A4FC3-06F4-4E9A-A920-75E42BC67E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{97D0D256-50AD-4B81-87AD-EB705E22BBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe | 

"{9BD370AB-6459-41FD-A4DC-C54A6DCA3EDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A0AA9670-780D-48F6-81B6-928E4CB5E46D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{A5341CB0-4235-4F93-8C66-CFB0DB1D392A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{A8702751-E36B-4FA4-AD39-1474285D9981}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{A969494A-3731-4495-8F71-E5196C0B5724}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{AC87D56A-BC77-4403-BEFA-FA3A665B38C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B0E4A8E5-8259-4CF6-91E3-F3544FD41497}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{B2D8AD77-3F2B-4362-81D7-56CD4B3230B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{B3F01ABE-D4FE-474E-BEEE-B4FB619BC1BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 

"{B641AF4A-8A1A-4296-8C9C-806F68FD7A9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{B9852FDD-D409-48CA-A293-00BF0AACFFD7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{BAD4F275-13C7-42BE-8F79-EAC5618D9DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{BE33AF11-9FDB-45FC-8649-243AC6F25007}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{C26AC098-55DD-4488-823F-27239C540A8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{C38AE1DA-987F-4527-8FB9-18E0CF3FFE9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C592E4E9-5BF2-49EE-8B73-3705FA259388}" = protocol=17 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"{C5B97054-FA72-43C5-BBF9-E66DA9316F15}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 

"{CCD35FC8-A3AF-4F5E-BB37-0CBAB2E2B1ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{CE478F32-B0C0-4EAC-A231-7EDFC985361B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{D02BA1E2-070A-4F83-93AC-16E8CEBFEABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{D8F6F212-67CD-4CE0-ADCB-1A89ECA85606}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{D9478245-BA6B-4BDF-AA4E-1FB44A61A388}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{DABB7478-DFCB-4D3E-8A87-9023952C22E5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{DBAA632F-59A3-4FA3-BFA8-A2520C6BFF33}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 

"{E16F200B-C3F0-49DD-975A-DCB7C33AA92E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{E5DBB49D-535D-45A7-B64C-6AAC47DCF137}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E8915777-90DE-4519-A78F-84E88607F563}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{EC32CB0C-63D3-44E0-A282-8371730A0F22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F7FA24C8-CF30-45BD-9696-C1E49846F5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{F906E3E7-1F6F-45D9-8750-BC8287E7E152}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 

"{FB36EACF-9AA2-454B-976A-41C4F6154D19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{FBA743F8-9C94-4DB9-84A8-92BE0C35209C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{FBCDCF07-4A74-4C1C-BE49-979AB1BA616D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{032CAAE0-F9A1-4660-ACED-618BAEBAE3E5}C:\program files (x86)\voobly\voobly.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"TCP Query User{1FDA16C4-1A46-4B7F-9C9E-6044B2354900}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 

"TCP Query User{34BBFB31-2021-4836-A67A-5626B5636390}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 

"TCP Query User{3B917BBB-F16C-472E-9D49-13FFDF7BED3C}C:\program files (x86)\voobly\voobly.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"TCP Query User{59C5CC0D-DFDD-40A2-A9FA-6407AEB86BE0}C:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{BCA87C6E-C0D9-49F0-8908-E385CD79EA64}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

"TCP Query User{E114A783-098C-4B10-AC97-B9BC0C9449E1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{FADCB900-24A2-4C24-8A4A-894FA317BA9C}C:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe" = protocol=6 | dir=in | app=c:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe | 

"UDP Query User{1D442992-3E8D-4F80-A671-4710AFE3A4EF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{3EFBBA59-C076-4000-AB20-87A215A91773}C:\program files (x86)\voobly\voobly.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"UDP Query User{74A55B50-0EEC-4B83-9948-F99F45947107}C:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{9825054F-0D60-40AD-BC09-F565C4741FCD}C:\program files (x86)\voobly\voobly.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"UDP Query User{A709EF8B-5288-49EF-9AC7-3630768CB81D}C:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe" = protocol=17 | dir=in | app=c:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe | 

"UDP Query User{ACCE0082-9026-4C5C-B538-B421A7261C78}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{CC6C62A4-FF63-4615-A0EE-A782F26A4122}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 

"UDP Query User{CF540AAC-4C46-41CE-BC53-B5A4A34E04C0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{32C46540-7693-49E1-A81E-121B09C8303B}" = Content Manager Assistant for PlayStation®

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}" = WinSpeed

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A866227D-CDBC-4F4B-A9D0-F3CFE81050C3}" = Virgin Media Security

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE95B351-9E7F-40DD-AE62-21A7ED765436}" = Virgin Media Security

"Age of Mythology 1.0" = Age of Mythology

"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion

"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1

"Google Chrome" = Google Chrome

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"PROPLUS" = Microsoft Office Professional Plus 2007

"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.18

"SearchProtect" = Search Protect by conduit

"StarCraft II" = StarCraft II

"Voobly_is1" = Voobly

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"SOE Web Installer" = SOE Web Installer

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 24/02/2014 12:43:28 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 24/02/2014 14:19:53 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Research

 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 24/02/2014 14:20:00 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Common

 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Dependent Assembly

 Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 25/02/2014 11:54:34 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 26/02/2014 08:54:24 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 27/02/2014 12:43:47 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 27/02/2014 14:40:10 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Research

 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 27/02/2014 14:40:18 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Common

 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Dependent Assembly

 Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 28/02/2014 09:24:32 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 01/03/2014 03:07:29 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

[ OSession Events ]

Error - 12/03/2013 14:05:27 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 12/03/2013 14:07:24 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 12/03/2013 14:08:41 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start

 due to the following error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:05 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error: 

  %%1115

 

Error - 13/03/2014 14:13:05 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error:   %%1062

 

 

< End of report >

OTL logfile created on: 13/03/2014 18:58:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*USER*\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.69 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 80.41% Memory free

15.39 Gb Paging File | 13.84 Gb Available in Paging File | 89.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 924.86 Gb Total Space | 797.05 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

 

Computer Name: ZOOSTROM | User Name: *USER* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


Edited by fromage12345, 13 March 2014 - 02:27 PM.


#5 fromage12345


Posted 13 March 2014 - 02:29 PM

========== Processes (SafeList) ==========

 

PRC - C:\Users\*USER*\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

PRC - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe (Sony Computer Entertainment Inc.)

PRC - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RpsSecurityAwareR.exe (Virgin Media)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()

MOD - C:\Users\*USER*\AppData\Roaming\Dropbox\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (f1f78e38) -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)

SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Radialpoint Security Services) -- C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RpsSecurityAwareR.exe (Virgin Media)

SRV - (ServicepointService) -- C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)

DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)

DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)

DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)

DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (AMDCIR64) -- C:\Windows\SysNative\drivers\AMDCIR64.sys (Advanced Micro Devices)

DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)

DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)

DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)

DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)

DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)

DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)

DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)

DRV:64bit: - (ioatdma) -- C:\Windows\SysNative\drivers\ioatdma.sys (Intel Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easylifeapp.com/?q={searchTerms}&pid=887&src=ie2&r=2013/08/25&hid=917684503&lg=EN&cc=GB

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easylifeapp.com/?q={searchTerms}&pid=887&src=ie2&r=2013/08/25&hid=917684503&lg=EN&cc=GB

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutAtDzzyD0AzyyEtCzz0B0D0D0FtAtCtAtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1849171298&ir=

IE - HKCU\..\SearchScopes\{67682131-3C43-4A5B-A371-7ADFA410688F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U4&apn_dtid=OSJ000YYUK&apn_uid=8E63051A-0E99-4472-9D71-8D9996C3DBDD&apn_sauid=4E80BCB5-B50C-4B9C-A0F1-53A15A641119

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\\Program Files\\Trend Micro\\Titanium\\UIFramework\\Toolbar\\firefoxextension\\components\\npToolbarChrome.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\*USER*\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*USER*\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension\ [2012/10/20 14:56:23 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (saafee saeve) - {070320E9-B282-2AF6-64CC-9832C8499BF6} - C:\ProgramData\saafee saeve\521a2076b37e8.dll ()

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe ()

O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [Virgin Media Security] C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.41.60198\RPS.exe (Virgin Media)

O4 - HKCU..\Run: [NextLive] C:\Users\*USER*\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)

O4 - HKCU..\Run: [SearchProtect] C:\Users\*USER*\AppData\Roaming\SearchProtect\bin\cltmng.exe ()

O4 - HKCU..\Run: [Voobly]  File not found

O4 - Startup: C:\Users\*USER*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*USER*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1253CA0F-3D8E-4417-9B96-2C7DD9BDB661}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()

O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2014/03/13 17:06:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/13 17:48:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/03/13 17:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2014/03/13 17:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2014/03/13 16:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewwSaver

[2014/03/13 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\*USER*\AppData\Roaming\Malwarebytes

[2014/03/13 16:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/03/13 16:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BloockUTubeAd

[2014/03/12 12:51:46 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll

[2014/03/12 12:51:46 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll

[2014/03/12 12:51:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2014/03/12 12:51:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2014/03/12 12:51:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

[2014/03/12 12:51:43 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2014/03/12 12:51:43 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2014/03/12 12:51:43 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2014/03/12 12:51:43 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2014/03/12 12:51:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2014/03/12 12:51:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2014/03/12 12:51:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2014/03/12 12:51:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2014/03/12 12:51:42 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2014/03/12 12:51:42 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2014/03/12 12:51:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2014/03/12 12:51:41 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2014/03/12 12:51:41 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2014/03/12 12:51:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2014/03/12 12:51:41 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2014/03/12 12:51:40 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2014/03/12 12:51:40 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2014/03/12 12:51:40 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2014/03/12 12:51:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2014/03/12 12:51:39 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2014/03/12 12:51:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2014/03/12 12:51:28 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll

[2014/03/12 12:51:28 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll

[2014/03/12 12:51:27 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll

[2014/02/27 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\*USER*\AppData\Local\Packages

[2014/02/27 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NewwSaver

[2014/02/12 17:54:17 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2014/02/12 12:56:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll

[2014/02/12 12:56:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll

[2014/02/12 12:56:26 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_isv.exe

[2014/02/12 12:56:26 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate.exe

[2014/02/12 12:56:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_isv.exe

[2014/02/12 12:56:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate.exe

[2014/02/12 12:56:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp_isv.exe

[2014/02/12 12:56:24 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp.exe

[2014/02/12 12:56:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMActivate_ssp_isv.exe

[2014/02/12 12:56:24 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RMActivate_ssp.exe

[2014/02/12 12:56:23 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msdrm.dll

[2014/02/12 12:56:23 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc.dll

[2014/02/12 12:56:23 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_isv.dll

[2014/02/12 12:56:23 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_isv.dll

[2014/02/12 12:56:22 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc.dll

[2014/02/12 12:56:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp_isv.dll

[2014/02/12 12:56:22 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secproc_ssp.dll

[2014/02/12 12:56:22 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp_isv.dll

[2014/02/12 12:56:22 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\secproc_ssp.dll

[2014/02/12 12:56:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll

[2014/02/12 12:56:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/13 18:50:12 | 000,000,024 | ---- | M] () -- C:\Users\*USER*\random.dat

[2014/03/13 18:50:09 | 000,000,024 | ---- | M] () -- C:\Users\*USER*\jagexappletviewer.preferences

[2014/03/13 18:28:17 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/13 18:28:17 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/13 18:24:31 | 000,000,051 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE.dat

[2014/03/13 18:21:12 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/03/13 18:21:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014/03/13 18:20:56 | 1901,383,679 | -HS- | M] () -- C:\hiberfil.sys

[2014/03/13 18:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2014/03/13 17:20:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/03/13 17:06:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2014/03/13 16:35:15 | 000,409,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014/03/12 07:15:35 | 000,811,442 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014/03/12 07:15:35 | 000,686,832 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014/03/12 07:15:35 | 000,134,106 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014/03/08 17:05:59 | 000,000,056 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE_BETA.dat

[2014/03/08 10:49:03 | 000,000,052 | ---- | M] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE1.dat

[2014/03/01 05:16:26 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

[2014/03/01 04:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2014/03/01 04:51:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2014/03/01 04:40:43 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2014/03/01 04:37:12 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2014/03/01 04:33:52 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2014/03/01 04:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2014/03/01 04:32:59 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2014/03/01 04:23:49 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2014/03/01 04:17:43 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2014/03/01 04:02:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2014/03/01 03:54:33 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2014/03/01 03:52:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2014/03/01 03:51:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2014/03/01 03:43:28 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2014/03/01 03:42:12 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2014/03/01 03:40:17 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2014/03/01 03:38:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2014/03/01 03:37:35 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2014/03/01 03:35:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2014/03/01 03:16:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2014/03/01 03:00:08 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2014/03/01 02:25:42 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2014/03/01 02:25:22 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2014/02/12 17:55:27 | 000,795,308 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/13 17:06:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2014/01/31 06:59:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/12/24 15:22:49 | 000,351,124 | ---- | C] () -- C:\Users\*USER*\AppData\Local\mysearchdial-speeddial.crx

[2013/12/22 11:13:48 | 000,000,024 | ---- | C] () -- C:\Users\*USER*\jagexappletviewer.preferences

[2013/09/08 13:39:00 | 000,054,712 | ---- | C] () -- C:\Users\*USER*\runescape 12month membership.pdf

[2013/03/18 17:11:02 | 000,000,053 | ---- | C] () -- C:\Users\*USER*\jagex_cl_speccollect_LIVE.dat

[2013/03/15 17:15:10 | 000,077,630 | ---- | C] () -- C:\Users\*USER*\RuneScape - MMORPG - The No.pdf

[2013/02/23 17:58:28 | 000,000,051 | ---- | C] () -- C:\Users\*USER*\jagex_cl_oldschool_LIVE.dat

[2012/12/01 14:52:59 | 000,000,100 | ---- | C] () -- C:\Users\*USER*\AppData\Local\fusioncache.dat

[2012/10/28 07:52:39 | 000,000,052 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE1.dat

[2012/10/26 09:10:34 | 000,000,053 | ---- | C] () -- C:\Users\*USER*\jagex_cl_loginapplet_LIVE.dat

[2012/10/21 15:13:54 | 000,000,056 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE_BETA.dat

[2012/10/20 15:05:22 | 000,000,051 | ---- | C] () -- C:\Users\*USER*\jagex_cl_runescape_LIVE.dat

[2012/10/20 15:05:22 | 000,000,024 | ---- | C] () -- C:\Users\*USER*\random.dat

[2012/05/29 11:56:15 | 000,795,308 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/05/28 14:05:07 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/05/28 14:04:59 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/05/28 14:04:51 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/05/28 14:04:48 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2012/05/28 14:04:42 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2014/01/24 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Blackboard

[2014/03/13 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Dropbox

[2014/03/13 18:21:30 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\newnext.me

[2014/03/12 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Radialpoint

[2013/01/07 08:06:19 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Research In Motion

[2013/08/21 10:32:05 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\SearchProtect

[2013/12/24 15:27:37 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Systweak

[2013/11/21 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Unity

[2012/10/20 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Virgin Media

[2013/09/07 07:32:28 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\Windows Live Writer

[2012/10/20 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\*USER*\AppData\Roaming\{{userdatapath.company}}

 

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 13/03/2014 18:58:13 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*USER*\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.69 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 80.41% Memory free

15.39 Gb Paging File | 13.84 Gb Available in Paging File | 89.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 924.86 Gb Total Space | 797.05 Gb Free Space | 86.18% Space Free | Partition Type: NTFS

 

Computer Name: ZOOSTROM | User Name: *USER* | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00BE0AF7-544F-43C4-BC7A-0A0E9662AE52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{06C45C34-B35C-4BDB-B798-828442486923}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{07ED69C5-204E-4035-BC02-EB1A193D2EC5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0BAFC00A-4433-4801-A317-94B215427703}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{0F1EA82E-F4D7-4F32-BC9D-B93D40DEE46D}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{171CEB45-D342-491E-9115-7FA33A120E91}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1C330C86-D694-4674-B105-0878C69B3507}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{1E15ED75-A2F1-402C-9E34-02F107083CC2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{343D9537-A52C-4B78-BC24-EBAFB2EBE3BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{3ACCE657-A0A4-4ACD-BB03-03161D473970}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{43E6F9D1-318B-410D-A74A-7D747317E6C6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{472BFEC0-8390-4411-A22C-FEA5A942691A}" = rport=138 | protocol=17 | dir=out | app=system | 

"{50AED5A4-52AB-4743-A0DA-14A0E252AC20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5F049BE6-9E3B-4CC3-9F54-E2DE2782F501}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{6BBF2669-68C0-444D-957E-3102E75719CF}" = lport=445 | protocol=6 | dir=in | app=system | 

"{6E51644C-44FA-48C4-A549-6CAD7572B761}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

"{7B0B34AF-F48F-459C-B24C-79297282F8DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{7F936C21-1E51-46C0-8EC9-AFB007D9D385}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{81504FA4-4EA0-4D47-BB11-58DED13FB0D9}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{89613CB9-50BC-49D2-A2AF-F6D5754141F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{AAF233D4-8DD1-46CF-B5F4-74F04F63066F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 

"{B203C122-58A6-4773-B759-5D1B8DCB790A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B6B03887-E952-418C-A28B-00BC92D954E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BF108F06-A015-4938-AC75-F69C8F6709A4}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C3E8164A-BAF6-4D55-9F1D-E49562A22DC9}" = rport=445 | protocol=6 | dir=out | app=system | 

"{CBA1D417-842A-4158-983C-C965E77E5881}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D96AC0B1-8697-47B6-97B1-45D0D77DAF3C}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D9EE7EDA-1DAE-46ED-BA16-36B584C1BC75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DB7CA444-1FEA-44C5-B183-3C57E971A39D}" = lport=138 | protocol=17 | dir=in | app=system | 

"{F181753E-5E2E-4AB9-AE80-702F4A89BB47}" = rport=137 | protocol=17 | dir=out | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{042EB7FA-BF51-4904-BF7B-0B4B58CB6398}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{0BCEF9AA-9653-4AD9-A8AA-7CB75C808AAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1C171066-D02C-45E5-AB6C-B9B731A88C30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{22F02513-1009-4C25-9E1A-735F66674F6A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{25C9264A-F9AB-44E3-88F0-8BB1F86A3353}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{288C7E55-5560-457E-B516-86EC8A666FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{294FFDEB-0B6D-4A95-B824-0C6EB7553ABA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2AE54D89-C03E-45E9-BE03-841E5A591727}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 

"{2BC1F300-89ED-45EF-908F-2682C9F009B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{2E7DD11D-4109-4ACC-A63F-22110F113DA5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{370EAD4D-70CF-4F9D-8BA2-EDCAC6618CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{3C4CDF14-1BE6-4D7C-9868-C381DC40D577}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{3C884D86-AD66-4A86-A3A6-8E98B81A8318}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 

"{43FA1BB2-C70F-4D95-83D9-08C46FABE549}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{44B773CA-9236-4589-B49B-EAB3D182ECF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{4B17ACFF-81A3-4111-9365-153D590A930E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{4C8D36AF-90FC-48AA-B7EE-2CAA46E2CCC8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{4D7492E5-25E5-4764-8563-32B22E9D7A4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{50FC0D65-31B7-415A-8731-B7FA01C21405}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{592EF296-FCA0-48A9-902D-C6DD4EA25587}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5FB33DB3-4C71-42A0-8D50-1BAA328581DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{61322CCF-085D-4109-B9DD-C543EAF26334}" = protocol=6 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"{6462E9EA-7F20-4BC2-B4EA-A4167CF8A321}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{6847C3BE-D79F-40A7-A4A9-2718BE0843D0}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 

"{696BF5A7-1456-4544-89BD-8E8A8D4155E1}" = protocol=6 | dir=out | app=system | 

"{6E6F6102-5858-41B8-BE45-68B6666841B2}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe | 

"{6FDF822C-FAA1-4F74-879B-67967396F81C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{70D1D9CE-E4BC-4198-A6DD-95CAC70F4A7B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 

"{78A1E58F-61A1-4FB9-8B03-2F15F890C6A8}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{78F5B60C-1149-4672-8AD8-7AB11AC160CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{7B0FDDB6-9F1A-401A-816E-F9526CF6B12C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{7C750CE4-F450-48D0-87C0-BBD63202157E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{7E286DF8-C226-4CE4-92AF-38E196AA8406}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{7E342840-97A8-459B-9753-01FA714B46B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{82877EE8-DE82-4628-8DAB-ADB2DE2CCCFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{8B335D68-4D73-496D-B3F7-87BAC5A86880}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{8E0A4FC3-06F4-4E9A-A920-75E42BC67E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 

"{97D0D256-50AD-4B81-87AD-EB705E22BBCB}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe | 

"{9BD370AB-6459-41FD-A4DC-C54A6DCA3EDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A0AA9670-780D-48F6-81B6-928E4CB5E46D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{A5341CB0-4235-4F93-8C66-CFB0DB1D392A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{A8702751-E36B-4FA4-AD39-1474285D9981}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{A969494A-3731-4495-8F71-E5196C0B5724}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{AC87D56A-BC77-4403-BEFA-FA3A665B38C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{B0E4A8E5-8259-4CF6-91E3-F3544FD41497}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{B2D8AD77-3F2B-4362-81D7-56CD4B3230B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{B3F01ABE-D4FE-474E-BEEE-B4FB619BC1BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 

"{B641AF4A-8A1A-4296-8C9C-806F68FD7A9B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{B9852FDD-D409-48CA-A293-00BF0AACFFD7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{BAD4F275-13C7-42BE-8F79-EAC5618D9DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{BE33AF11-9FDB-45FC-8649-243AC6F25007}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{C26AC098-55DD-4488-823F-27239C540A8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{C38AE1DA-987F-4527-8FB9-18E0CF3FFE9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C592E4E9-5BF2-49EE-8B73-3705FA259388}" = protocol=17 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"{C5B97054-FA72-43C5-BBF9-E66DA9316F15}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe | 

"{CCD35FC8-A3AF-4F5E-BB37-0CBAB2E2B1ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{CE478F32-B0C0-4EAC-A231-7EDFC985361B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{D02BA1E2-070A-4F83-93AC-16E8CEBFEABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | 

"{D8F6F212-67CD-4CE0-ADCB-1A89ECA85606}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{D9478245-BA6B-4BDF-AA4E-1FB44A61A388}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 

"{DABB7478-DFCB-4D3E-8A87-9023952C22E5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{DBAA632F-59A3-4FA3-BFA8-A2520C6BFF33}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe | 

"{E16F200B-C3F0-49DD-975A-DCB7C33AA92E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | 

"{E5DBB49D-535D-45A7-B64C-6AAC47DCF137}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E8915777-90DE-4519-A78F-84E88607F563}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{EC32CB0C-63D3-44E0-A282-8371730A0F22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F7FA24C8-CF30-45BD-9696-C1E49846F5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{F906E3E7-1F6F-45D9-8750-BC8287E7E152}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 

"{FB36EACF-9AA2-454B-976A-41C4F6154D19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{FBA743F8-9C94-4DB9-84A8-92BE0C35209C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | 

"{FBCDCF07-4A74-4C1C-BE49-979AB1BA616D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{032CAAE0-F9A1-4660-ACED-618BAEBAE3E5}C:\program files (x86)\voobly\voobly.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"TCP Query User{1FDA16C4-1A46-4B7F-9C9E-6044B2354900}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 

"TCP Query User{34BBFB31-2021-4836-A67A-5626B5636390}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 

"TCP Query User{3B917BBB-F16C-472E-9D49-13FFDF7BED3C}C:\program files (x86)\voobly\voobly.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"TCP Query User{59C5CC0D-DFDD-40A2-A9FA-6407AEB86BE0}C:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{BCA87C6E-C0D9-49F0-8908-E385CD79EA64}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

"TCP Query User{E114A783-098C-4B10-AC97-B9BC0C9449E1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{FADCB900-24A2-4C24-8A4A-894FA317BA9C}C:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe" = protocol=6 | dir=in | app=c:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe | 

"UDP Query User{1D442992-3E8D-4F80-A671-4710AFE3A4EF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{3EFBBA59-C076-4000-AB20-87A215A91773}C:\program files (x86)\voobly\voobly.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"UDP Query User{74A55B50-0EEC-4B83-9948-F99F45947107}C:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*USER*\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{9825054F-0D60-40AD-BC09-F565C4741FCD}C:\program files (x86)\voobly\voobly.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | 

"UDP Query User{A709EF8B-5288-49EF-9AC7-3630768CB81D}C:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe" = protocol=17 | dir=in | app=c:\users\*USER*\documents\vivek\world of warcraft trial\launcher.exe | 

"UDP Query User{ACCE0082-9026-4C5C-B538-B421A7261C78}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 

"UDP Query User{CC6C62A4-FF63-4615-A0EE-A782F26A4122}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 

"UDP Query User{CF540AAC-4C46-41CE-BC53-B5A4A34E04C0}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{32C46540-7693-49E1-A81E-121B09C8303B}" = Content Manager Assistant for PlayStation®

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}" = WinSpeed

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A866227D-CDBC-4F4B-A9D0-F3CFE81050C3}" = Virgin Media Security

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE95B351-9E7F-40DD-AE62-21A7ED765436}" = Virgin Media Security

"Age of Mythology 1.0" = Age of Mythology

"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion

"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1

"Google Chrome" = Google Chrome

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"PROPLUS" = Microsoft Office Professional Plus 2007

"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.18

"SearchProtect" = Search Protect by conduit

"StarCraft II" = StarCraft II

"Voobly_is1" = Voobly

"WinLiveSuite" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"SOE Web Installer" = SOE Web Installer

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 24/02/2014 12:43:28 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 24/02/2014 14:19:53 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Research

 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 24/02/2014 14:20:00 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Common

 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Dependent Assembly

 Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 25/02/2014 11:54:34 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 26/02/2014 08:54:24 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 27/02/2014 12:43:47 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 27/02/2014 14:40:10 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Research

 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 27/02/2014 14:40:18 | Computer Name = Zoostrom | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Common

 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Dependent Assembly

 Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 28/02/2014 09:24:32 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

Error - 01/03/2014 03:07:29 | Computer Name = Zoostrom | Source = WinMgmt | ID = 10

Description = 

 

[ OSession Events ]

Error - 12/03/2013 14:05:27 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 12/03/2013 14:07:24 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 12/03/2013 14:08:41 | Computer Name = Zoostrom | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start

 due to the following error:   %%1069

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7038

Description = The PolicyAgent service was unable to log on as NT Authority\NetworkService

 with the currently configured password due to the following error:   %%1352    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 13/03/2014 14:13:02 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7000

Description = The IPsec Policy Agent service failed to start due to the following

 error:   %%1069

 

Error - 13/03/2014 14:13:05 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error: 

  %%1115

 

Error - 13/03/2014 14:13:05 | Computer Name = Zoostrom | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error:   %%1062

 

 

< End of report >



#6 Jo*


  • Malware Response Team
  • 3,416 posts

Posted 13 March 2014 - 02:49 PM

Hello fromage12345,

Without the OTL log header and without the real Windows user name, it is not possible to use scripting to analyse and clean your PC!


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 fromage12345

  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 14 March 2014 - 12:05 PM

Thanks for your replies, but I may have found a solution for my problem on a blog. It seems that the BloockUTubeAd has gone, but if it returns I will repost here with the extra information.

Thanks again for your time and help.





