TomyB Posted August 4, 2012 ID:580655 Share Posted August 4, 2012 Upon recent browsing of various internets, i recentally discoverd that random words in variousonline documents were being underlined and higlighted, which then produced an obvious virus ad whenever the mouse hoverd over the words. After some light research I discoverd the suposed virus was called EasyInline, which was published by Yontoo LLC, and to my shock a program of the same name had appeared on my C drive. I have no idea what that program is or what it does, but i strongly believe it may be a virus of some sort. What is it and how do I get rid of it. Please help!DDS and Attach logs have been attached.DDS.txtAttach.zip Link to post Share on other sites More sharing options...
Maniac Posted August 4, 2012 ID:580715 Share Posted August 4, 2012 Hello TomyB and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Yontoo Layers or Drop Down Deals browser add-on - creates virtual layers that can be edited to create the appearance of having made changes to the underlying website. Has ads in the layers with no obvious warning on install.Step 1Please uninstall this application: µTorrentStep 2Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
TomyB Posted August 5, 2012 Author ID:580921 Share Posted August 5, 2012 Ok, doneOTL.txt:OTL logfile created on: 8/5/2012 1:07:37 PM - Run 1OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tommy-\Desktop64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy7.95 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 74.35% Memory free15.90 Gb Paging File | 13.65 Gb Available in Paging File | 85.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 915.25 Gb Total Space | 797.25 Gb Free Space | 87.11% Space Free | Partition Type: NTFSDrive D: | 15.97 Gb Total Space | 2.00 Gb Free Space | 12.54% Space Free | Partition Type: NTFSDrive G: | 955.73 Mb Total Space | 728.20 Mb Free Space | 76.19% Space Free | Partition Type: FATComputer Name: TOMMY--HP | User Name: Tommy- | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/08/05 12:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy-\Desktop\OTL.exePRC - [2012/03/19 21:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exePRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2010/12/14 06:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exePRC - [2010/12/11 16:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exePRC - [2010/12/07 23:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exePRC - [2010/12/07 23:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exePRC - [2010/12/07 23:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exePRC - [2010/11/25 15:26:40 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exePRC - [2010/11/24 04:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/11/24 04:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010/11/19 05:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exePRC - [2010/11/18 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exePRC - [2010/11/10 09:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exePRC - [2010/11/10 09:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exePRC - [2010/09/14 11:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/09/14 11:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2010/07/30 12:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exePRC - [2010/02/03 17:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe========== Modules (No Company Name) ==========MOD - [2012/06/19 20:36:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4aa3b127a59b6c1cd3b8749ea972771f\IAStorUtil.ni.dllMOD - [2012/06/15 20:47:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dllMOD - [2012/06/15 20:47:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dllMOD - [2012/05/12 22:03:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1a4c0f7ba90a13c246a90a579552935a\IAStorCommon.ni.dllMOD - [2012/05/12 17:37:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dllMOD - [2012/05/12 17:36:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dllMOD - [2012/05/12 17:36:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dllMOD - [2012/05/12 17:36:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dllMOD - [2012/05/12 17:36:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dllMOD - [2012/05/12 17:36:36 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dllMOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2010/11/19 06:08:02 | 001,695,800 | ---- | M] () -- C:\Users\Tommy-\AppData\Roaming\PictureMover\EN-AU\Presentation.dllMOD - [2010/11/19 05:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Tommy-\AppData\Roaming\PictureMover\Bin\Core.dllMOD - [2009/07/14 11:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll========== Win32 Services (SafeList) ==========SRV:64bit: - [2010/12/31 11:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2010/12/02 14:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)SRV:64bit: - [2010/11/03 06:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2010/11/03 06:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2010/11/03 06:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2010/09/23 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/08/13 09:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)SRV:64bit: - [2010/08/06 13:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)SRV:64bit: - [2010/07/30 12:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2010/07/22 08:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/03/03 20:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)SRV - [2012/07/07 13:39:16 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/03/19 21:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2010/12/07 23:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)SRV - [2010/11/25 14:26:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)SRV - [2010/11/24 04:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/11/24 04:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/11/10 09:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)SRV - [2010/09/14 11:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2010/06/19 11:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/03/01 16:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2011/03/11 16:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 16:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/12/31 11:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2010/12/31 10:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2010/12/17 12:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2010/12/17 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)DRV:64bit: - [2010/12/17 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2010/12/11 16:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)DRV:64bit: - [2010/12/09 07:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2010/12/02 14:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)DRV:64bit: - [2010/12/01 22:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)DRV:64bit: - [2010/11/20 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2010/11/20 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2010/11/09 20:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)DRV:64bit: - [2010/10/20 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/20 05:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2010/10/15 18:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010/09/14 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/08/13 09:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)DRV:64bit: - [2010/08/13 09:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)DRV:64bit: - [2010/07/21 07:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:64bit: - [2010/07/21 07:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2010/07/21 07:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)DRV:64bit: - [2010/07/15 00:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)DRV:64bit: - [2010/06/30 10:10:58 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)DRV:64bit: - [2010/03/03 08:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/14 09:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)DRV:64bit: - [2009/06/11 06:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/06/11 06:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = PreserveIE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595dIE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit.com/search.aspx?aff=115&q={searchTerms}IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)[2012/07/02 15:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy-\AppData\Roaming\mozilla\Firefox\Profiles\extensions[2012/07/02 15:10:20 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Tommy-\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com========== Chrome ==========O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Tommy-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)O4 - Startup: C:\Users\Tommy-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145F010E-EEE4-43F7-A3A0-FC9E9352EC52}: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB3B0E79-6147-4A8D-94E8-1418D83DDD57}: DhcpNameServer = 192.168.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/08/05 12:58:42 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy-\Desktop\OTL.exe[2012/07/28 18:10:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy-\Desktop\USB[2012/07/28 17:57:21 | 000,000,000 | ---D | C] -- C:\Users\Tommy-\AppData\Roaming\LOVE[2012/07/22 21:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Tommy-\Desktop\*.tmp files -> C:\Users\Tommy-\Desktop\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/08/05 12:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy-\Desktop\OTL.exe[2012/08/05 12:45:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/08/05 12:45:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/08/05 12:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/08/05 12:41:57 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/08/05 12:41:57 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/08/05 12:41:57 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/08/05 12:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/08/05 12:37:35 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys[2012/08/04 21:27:50 | 000,002,787 | ---- | M] () -- C:\Users\Tommy-\Desktop\Attach.zip[2012/08/01 19:35:33 | 001,843,715 | ---- | M] () -- C:\Users\Tommy-\Desktop\victer2015.pdf[2012/07/30 19:18:19 | 000,035,387 | ---- | M] () -- C:\Users\Tommy-\Desktop\VE_Employment_Application_Form.pdf[2012/07/12 12:44:01 | 000,342,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/07/11 16:51:25 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTommy-.job[2012/07/07 22:37:44 | 000,000,063 | ---- | M] () -- C:\Windows\SIERRA.INI[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Tommy-\Desktop\*.tmp files -> C:\Users\Tommy-\Desktop\*.tmp -> ]========== Files Created - No Company Name ==========[2012/08/04 21:27:50 | 000,002,787 | ---- | C] () -- C:\Users\Tommy-\Desktop\Attach.zip[2012/08/01 19:35:33 | 001,843,715 | ---- | C] () -- C:\Users\Tommy-\Desktop\victer2015.pdf[2012/07/30 19:18:19 | 000,035,387 | ---- | C] () -- C:\Users\Tommy-\Desktop\VE_Employment_Application_Form.pdf[2012/07/07 13:39:18 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/04/12 19:38:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE[2012/04/12 19:25:58 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll[2012/04/12 19:25:58 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll[2012/02/02 21:53:04 | 000,000,685 | ---- | C] () -- C:\Users\Tommy-\Thomas - Shortcut.lnk[2012/01/24 22:08:34 | 000,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI[2012/01/24 22:07:31 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll[2012/01/24 22:07:31 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll[2012/01/24 22:07:31 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll[2011/10/10 16:29:14 | 000,001,854 | ---- | C] () -- C:\Users\Tommy-\AppData\Roaming\GhostObjGAFix.xml[2011/04/23 00:17:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2011/04/23 00:01:50 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat[2011/04/23 00:00:51 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/04/23 00:00:51 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/04/23 00:00:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/04/23 00:00:49 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2011/01/30 14:25:38 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini[2010/12/17 12:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll[2010/09/25 08:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL========== LOP Check ==========[2012/07/09 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\.minecraft[2012/04/12 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Atari[2012/05/25 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Audacity[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon[2011/09/18 21:09:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\funkitron[2011/10/19 19:33:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Image-Line[2011/09/29 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Leadertech[2012/07/28 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\LOVE[2011/10/20 20:06:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Music Recognition[2011/09/01 14:09:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\PictureMover[2011/09/01 14:08:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Synaptics[2011/11/07 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\SynthMaker[2011/09/10 23:42:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\WildTangent[2011/09/18 21:26:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\WildTangentv1001[2012/06/22 19:13:57 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:553CA6CA< End of report >Extras.txt:OTL Extras logfile created on: 8/5/2012 1:07:37 PM - Run 1OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Tommy-\Desktop64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy7.95 Gb Total Physical Memory | 5.91 Gb Available Physical Memory | 74.35% Memory free15.90 Gb Paging File | 13.65 Gb Available in Paging File | 85.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 915.25 Gb Total Space | 797.25 Gb Free Space | 87.11% Space Free | Partition Type: NTFSDrive D: | 15.97 Gb Total Space | 2.00 Gb Free Space | 12.54% Space Free | Partition Type: NTFSDrive G: | 955.73 Mb Total Space | 728.20 Mb Free Space | 76.19% Space Free | Partition Type: FATComputer Name: TOMMY--HP | User Name: Tommy- | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{007AA094-794B-4927-BD6B-23F7AEF665B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{01FFFC47-309A-4D73-8AE7-185B254FD915}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{071D938E-F23C-451D-A3BC-E3FD5126D414}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{0CDC539D-CDF2-420F-91A8-B0D22830A406}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{0E3978C0-CDD8-4ABB-A492-2E239029A743}" = rport=138 | protocol=17 | dir=out | app=system |"{18F8B7CC-8367-464E-A67D-5D9F783C2FDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |"{22D8E18E-2803-4451-8A39-654B4E10B880}" = rport=139 | protocol=6 | dir=out | app=system |"{4117E57C-BEC0-4DB7-9AB6-47083125C19F}" = rport=10243 | protocol=6 | dir=out | app=system |"{48AA6257-862A-4622-A882-CB44CFED2FEC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{4F77CF44-51DB-47DD-A24A-ECCBE1C8A7AF}" = lport=10243 | protocol=6 | dir=in | app=system |"{5DA62BF4-DF27-42DB-BB43-8C6FF6C2E750}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{6A3738D3-EB85-4F48-9332-6E38CB440BA8}" = rport=137 | protocol=17 | dir=out | app=system |"{7F65E277-62F5-4C74-B300-819A3F581F50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{80D14520-4B68-421C-B149-D6C800CD9C46}" = lport=139 | protocol=6 | dir=in | app=system |"{82CDE4DD-98CB-4FA1-8A66-1F78526FC82F}" = lport=137 | protocol=17 | dir=in | app=system |"{890F3B01-5403-45FB-BE63-D76ECEA3D62A}" = rport=445 | protocol=6 | dir=out | app=system |"{96DAC6B3-E166-4C64-ACA3-1E800BD89BEA}" = lport=2869 | protocol=6 | dir=in | app=system |"{9F1C2F37-ABFD-4ECB-8B6D-11FB3D39C814}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{AEE56569-535E-4FE6-9D69-97D2C988FF58}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{CCB69E0F-7237-4856-B6CB-86E370735401}" = lport=445 | protocol=6 | dir=in | app=system |"{CEEDD644-D622-437D-B3AB-2FBE19298508}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |"{E0C77447-9928-478F-9D87-7A76C7658373}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{E685C301-3B92-419B-858C-2FB945505570}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{EDCA56EB-67B8-49D6-85DE-F3B5B509E1C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{EFAAEC07-823F-484E-82A5-B7F54F01396B}" = lport=138 | protocol=17 | dir=in | app=system |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0825DACB-CF18-4153-A347-A44B12786A27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{0BB2D425-F7B3-49FB-9CE8-9E2DC747ABB9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{182397A9-9F6C-45BE-889A-68A3B4E2B3DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{1FBE40AB-99F3-4396-9AEC-A92C6D5C2AF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{3FB47A39-6C6F-4460-B0C9-988B827C082E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |"{4990C061-0EF5-44B0-90C9-4CB86743F8A0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{55FD1E69-ECBA-40D5-B655-FFF53DDBD136}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{582DA3A7-B659-49DD-95D3-CE4ED15904C8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |"{59A56269-A993-46A6-B3CD-23B8E241DB83}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{5CDE7BB6-E6CF-49DA-AE88-5CA793719E2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{64090423-2D14-4244-AA66-38D31A459D79}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{6E276027-F5E5-40C9-B54E-EEBCA205EA32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{728D8361-9D77-4FA5-B552-6C3D7AD564D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{76CC5CE1-D6EE-4F00-A080-2AC2958F49BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{7F388343-87D2-4B80-AC02-E97E11F31A9A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |"{8199D749-6F84-4493-8572-A91D8F94BDD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{872FBB1E-95F5-40AE-A348-88A518FBEF36}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{87F9C48B-F70B-4948-82C8-01F0BB6FF190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{8F920378-17C7-4B6A-93BE-5659C5FE7FDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{918EBEC8-5F51-4A0F-9088-034215A0E88E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |"{999DE1DD-7529-48D5-93D6-74619972215D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |"{9B357D48-2EDC-4C9E-B8C4-B4B6DBE087EA}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |"{9D3241DF-D579-4694-8890-CDE6DC2BF490}" = protocol=6 | dir=out | app=system |"{9E754645-CD7D-4FAF-9B3C-D1A6C1E95A57}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |"{A1508E03-89FD-482E-BBD3-AF1D41A57E7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{BC9C8982-797E-46CA-863A-063E50A5CEFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{C13245CB-A222-4A28-89C2-5EF743FB2309}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{CABCAB51-AE89-4976-9881-0858192BA601}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |"{D1678128-6261-42FC-BCCA-D7FECBFC7E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{D17BBA64-8682-4A28-8F1A-19B5FA5AD6DE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |"{DC56711A-C4CC-448B-899F-1C6FCCF495AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{E13FC2DB-FC5C-4117-A7AF-838B2B656B2C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{E5E7FFBC-62FA-4060-A391-C9272368E6BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{E8FC2D41-32C1-4014-97DF-B622CEC813E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{E9C64024-E64B-4021-82A1-962DC6FD053F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{EA14255D-E559-4DB1-8107-38CBA9042D9D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |"{EDBDF721-A57A-4376-8EC3-DBEBD9DE200C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{F0D654A1-8EC6-48B6-918A-40405E5B46A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{F2C64B9D-5A31-4BB7-B6AE-AC420CD2147C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"TCP Query User{14B36206-4107-4B08-954C-20519BF0F399}C:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=6 | dir=in | app=c:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"TCP Query User{27932D4F-3BAC-44DD-9276-D21A6BE2B35A}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |"TCP Query User{57FD23A4-C451-4EEA-8FAF-E3F5E360A806}H:\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=6 | dir=in | app=h:\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"TCP Query User{5FAB3F42-ED5F-4106-BA56-8497783DC742}C:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=6 | dir=in | app=c:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"TCP Query User{86211C0C-23AE-4AA8-B704-0ED654ECD3B1}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |"TCP Query User{BA7E402D-AF6F-4C77-8CD0-F6329B5B87D0}H:\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=6 | dir=in | app=h:\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"TCP Query User{C43E65D4-0288-499C-BB8A-15289BC029DF}H:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=6 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"TCP Query User{D91D1A18-760A-44F7-8BD0-D32ED4254036}H:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=6 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"TCP Query User{E0B37DAA-4E67-41B9-80F5-E9DE2D61EA4D}H:\lucky strike records\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=6 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"TCP Query User{EC03A682-9943-4898-AF88-3BE9A5341FDD}H:\lucky strike records\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=6 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"TCP Query User{F7CD3DCD-6995-4F0F-B00E-0BF136B9CAAD}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |"TCP Query User{FC790DCF-0393-457E-885E-8B5277C01C5D}C:\users\tommy-\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\tommy-\appdata\local\temp\rarsfx0\hl.exe |"UDP Query User{13109E70-DE4C-482B-B71D-961821CB7A94}H:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=17 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"UDP Query User{3C0A89A9-E9B5-4A48-A468-37F3FC6AAEA2}H:\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=17 | dir=in | app=h:\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"UDP Query User{3FD282A6-F4C4-4873-9077-2E8F22589A75}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |"UDP Query User{49EE4CBD-25FE-49AD-8650-5E4FCA092CA2}H:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=17 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"UDP Query User{5687E76B-3C99-4E40-BD7B-D42FD9293583}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |"UDP Query User{744C723E-F884-4782-8529-B4FABA8527C3}H:\lucky strike records\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=17 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"UDP Query User{79732148-6E2A-4FB1-9312-134A9FD8F535}H:\lucky strike records\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=17 | dir=in | app=h:\lucky strike records\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |"UDP Query User{B12C1C85-4739-4EFC-AE74-EB1EB3876AF1}C:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=17 | dir=in | app=c:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"UDP Query User{BD971CB3-966B-4272-B7E3-4B63F85A7850}H:\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe" = protocol=17 | dir=in | app=h:\usbwebserver v8.5\usbwebserver v8.5\8.5\mysql\bin\mysqld_usbwv8.exe |"UDP Query User{D1D9D1BA-E144-4315-BBE2-E3473D7730BF}C:\users\tommy-\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\tommy-\appdata\local\temp\rarsfx0\hl.exe |"UDP Query User{E5AA9DAC-51BB-4884-8B04-AD29C1B797A3}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |"UDP Query User{FF62D0FD-E8E3-4A4E-A397-F72D1B94905D}C:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe" = protocol=17 | dir=in | app=c:\users\tommy-\desktop\usbwebserver v8.5\usbwebserver v8.5\8.5\apache2\bin\httpd_usbwv8.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0DF3F266-B52E-4309-B3CC-233607DF4E50}" = HP 3D DriveGuard"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{1C3266D4-0DA1-415B-951B-7B5B050B16F1}" = Validity WBF DDK"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java 6 Update 22 (64-bit)"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display"{2E794F67-DAC1-C4A3-9128-0C841DF8A1BE}" = ATI Catalyst Install Manager"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{AF162E20-417F-4946-A06D-65734984957F}" = Intel® PROSet/Wireless WiFi Software"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F12CAF9A-1803-610D-C686-220E35980C99}" = ccc-utility64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"ProInst" = Intel PROSet Wireless"SynTPDeinstKey" = Synaptics Pointing Device Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0A143C9B-DCE4-5089-E3DE-12BBCA178C12}" = CCC Help Russian"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0F7BFF8F-274A-05FE-2D37-A0C644424871}" = CCC Help Greek"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display"{15775C9B-CD12-BDAF-F5FA-E06A7CB4F25D}" = CCC Help Korean"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2CAF2C07-3219-8143-0E1C-EB1E20223171}" = CCC Help Japanese"{2CF48C8D-38F6-09E3-C24D-69999191726F}" = CCC Help Portuguese"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support"{3436866E-2C3A-AC6F-C6CF-1ABFF5FB69A3}" = CCC Help Thai"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{35D2E477-8524-4294-9D6A-D8481328389F}" = HP Software Framework"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5"{3BC81D4E-0E14-472D-2DA4-CB51D9A21BAE}" = Catalyst Control Center InstallProxy"{3CBC0CD2-18F0-523D-DA6A-B224C3C4B2CF}" = CCC Help French"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{5175254C-4F5C-61DF-9647-306994652857}" = CCC Help Chinese Traditional"{52FB1497-BBDD-F46F-2ADE-407148D63C65}" = CCC Help Dutch"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{610A0147-10AB-D148-B6E1-503E40A444B9}" = CCC Help German"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{66F0F1EB-A7B1-4592-BE90-404CD9E49053}" = HP Documentation"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime"{7F9EA30A-2DD4-81B6-8A08-719EB8683C40}" = CCC Help Finnish"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{83F8B662-32C3-D1B6-8048-35ED4B94DC87}" = CCC Help Danish"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{94D44424-3A83-C25E-CB75-0703750714C2}" = Catalyst Control Center Localization All"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{954680D5-B7C6-E5BA-9B62-09A5AB1F8022}" = CCC Help Hungarian"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6"{95CEC285-7B63-3D66-0B3F-EF0D9116375C}" = CCC Help Spanish"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager"{B1AEF127-E01A-40D8-3CDC-F4C76BF2A42B}" = CCC Help Polish"{B584C0FA-5037-C2DB-8399-A3153101B066}" = Catalyst Control Center Graphics Previews Common"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo"{C125CF1B-32B7-A63B-4DBE-72555A1D4730}" = CCC Help Italian"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C2E21D9B-8AD7-588F-9BE9-70054C864D20}" = CCC Help Norwegian"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D6399FF6-7BDF-F604-E493-76B47CF59C15}" = CCC Help Swedish"{D79531DC-85D7-997F-4083-CE65505F1B7E}" = Catalyst Control Center Profiles Mobile"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E7117563-58FF-5A50-664D-619DA8B5E3BF}" = CCC Help Chinese Standard"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch"{ED3D587B-9B2E-9F1F-723E-CE137F82CA85}" = ccc-core-static"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver"{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display"{FB3F7ACE-1633-5A41-250A-FA00E95EE402}" = CCC Help Czech"{FC18709C-C93F-6BF7-904A-43B0125725ED}" = CCC Help English"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"ASIO4ALL" = ASIO4ALL"FL Studio 10" = FL Studio 10"IL Download Manager" = IL Download Manager"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10"MagicDisc 2.7.106" = MagicDisc 2.7.106"My HP Game Console" = HP Game Console"Office14.SingleImage" = Microsoft Office Home and Student 2010"TeamViewer 7" = TeamViewer 7"VLC media player" = VLC media player 1.1.4"WildTangent hp Master Uninstall" = HP Games"WinLiveSuite" = Windows Live Essentials"WinRAR archiver" = WinRAR 4.11 (32-bit)"WT087328" = Blackhawk Striker 2"WT087330" = Bounce Symphony"WT087343" = Dora's World Adventure"WT087361" = FATE"WT087362" = Final Drive Nitro"WT087394" = Penguins!"WT087395" = Poker Superstars III"WT087396" = Polar Bowler"WT087397" = Polar Golfer"WT087428" = Bejeweled 2 Deluxe"WT087453" = Chuzzle Deluxe"WT087501" = Plants vs. Zombies"WT087533" = Zuma Deluxe"WT089299" = Mystery P.I. - The London Caper"WT089300" = World Cup Cricket 20-20"WT089307" = Virtual Villagers 4 - The Tree of Life"WT089308" = Blasterball 3"WT089328" = Farm Frenzy"WT089359" = Cake Mania"WT089362" = Agatha Christie - Peril at End House"ZumoDrive" = HP CloudDrive========== Last 20 Event Log Errors ==========[ Application Events ]Error - 5/24/2012 7:26:29 AM | Computer Name = Tommy--HP | Source = Application Error | ID = 1000Description = Faulting application name: vlc.exe, version: 1.1.4.0, time stamp:0x4c76f9fe Faulting module name: vlc.exe, version: 1.1.4.0, time stamp: 0x4c76f9feException code: 0xc0000005 Fault offset: 0x00001749 Faulting process id: 0x10cc Faulting application start time: 0x01cd399fad3a0a9c Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exeFaulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 4dc60a7e-a593-11e1-9563-cc52af793b13Error - 5/31/2012 7:40:59 AM | Computer Name = Tommy--HP | Source = Application Error | ID = 1000Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,time stamp: 0x4d76255d Faulting module name: Flash11e.ocx, version: 11.1.102.55,time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x000c9125 Faulting process id: 0x348 Faulting application start time: 0x01cd3f213d305673 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 7d6100e5-ab15-11e1-b535-cc52af793b13Error - 6/7/2012 2:38:12 AM | Computer Name = Tommy--HP | Source = Application Error | ID = 1000Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,time stamp: 0x4d76255d Faulting module name: Flash11e.ocx, version: 11.1.102.55,time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x000c9125 Faulting process id: 0x18ec Faulting application start time: 0x01cd447763209a63 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 59c58a31-b06b-11e1-b53d-cc52af793b13Error - 6/24/2012 6:27:30 AM | Computer Name = Tommy--HP | Source = Application Hang | ID = 1002Description = The program TGB_Dual.exe version 0.7.2048.96 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1014 Start Time: 01cd51f21a759a03 Termination Time: 0 Application Path: G:\Nintendo\Pokemon\TGBDUE-7_2053-0_96\TGB_Dual.exeReport Id: 313184ae-bde7-11e1-94d8-cc52af793b13 Error - 6/26/2012 3:59:47 AM | Computer Name = Tommy--HP | Source = Application Error | ID = 1000Description = Faulting application name: svchost.exe_FontCache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: fntcache.dll, version: 6.1.7600.16763, time stamp: 0x4d5f625b Exception code: 0x40000015 Fault offset: 0x000000000003d086Faulting process id: 0x22c Faulting application start time: 0x01cd536895f631a1 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\fntcache.dllReport Id: e538f8b7-bf64-11e1-bc81-cc52af793b13Error - 6/26/2012 4:59:29 AM | Computer Name = Tommy--HP | Source = Application Error | ID = 1000Description = Faulting application name: svchost.exe_FontCache, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: fntcache.dll, version: 6.1.7600.16763, time stamp: 0x4d5f625b Exception code: 0x40000015 Fault offset: 0x000000000003d086Faulting process id: 0x544 Faulting application start time: 0x01cd5371a89707f5 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\fntcache.dllReport Id: 3c3e9284-bf6d-11e1-bc81-cc52af793b13Error - 7/3/2012 1:38:36 AM | Computer Name = Tommy--HP | Source = MySQL | ID = 100Description =Error - 7/3/2012 1:38:36 AM | Computer Name = Tommy--HP | Source = MySQL | ID = 100Description =Error - 7/3/2012 1:38:36 AM | Computer Name = Tommy--HP | Source = MySQL | ID = 100Description =Error - 7/4/2012 4:17:20 AM | Computer Name = Tommy--HP | Source = MsiInstaller | ID = 10005Description =[ Hewlett-Packard Events ]Error - 9/27/2011 9:43:57 AM | Computer Name = Tommy--HP | Source = Hewlett-Packard | ID = 0Description = en-AU Exception has been thrown by the target of an invocation. mscorlib at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)Object reference not set to an instance of an object.Error - 10/10/2011 2:29:13 AM | Computer Name = Tommy--HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101110052902.xml File not created by asset agentError - 11/13/2011 6:12:06 AM | Computer Name = Tommy--HP | Source = Hewlett-Packard | ID = 0Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111113091204.xml File not created by asset agent[ HP Wireless Assistant Events ]Error - 9/10/2011 12:47:33 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:47:40 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:48:48 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:49:45 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:50:53 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:51:00 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:52:08 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:52:16 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:53:24 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()Error - 9/10/2011 12:53:32 PM | Computer Name = Tommy--HP | Source = HP WA Service | ID = 0Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()[ System Events ]Error - 7/26/2012 6:02:18 AM | Computer Name = Tommy--HP | Source = Service Control Manager | ID = 7022Description = The Windows Update service hung on starting.Error - 7/27/2012 6:17:45 AM | Computer Name = Tommy--HP | Source = BROWSER | ID = 8032Description =Error - 7/28/2012 1:57:42 AM | Computer Name = Tommy--HP | Source = BROWSER | ID = 8032Description =Error - 7/28/2012 3:18:18 AM | Computer Name = Tommy--HP | Source = BROWSER | ID = 8032Description =Error - 7/29/2012 5:42:02 AM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2.Error - 7/29/2012 6:11:44 PM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR4.Error - 7/29/2012 6:11:45 PM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR4.Error - 7/29/2012 6:11:45 PM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR4.Error - 7/29/2012 6:11:46 PM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk1\DR4.Error - 8/3/2012 5:11:55 AM | Computer Name = Tommy--HP | Source = Disk | ID = 262155Description = The driver detected a controller error on \Device\Harddisk2\DR2.< End of report > Link to post Share on other sites More sharing options...
Maniac Posted August 5, 2012 ID:580977 Share Posted August 5, 2012 Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595d[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comO2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon:filesC:\Program Files (x86)\YontooC:\Program Files (x86)\uTorrentipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]Then click the Run Fix button at the topLet the program run unhindered, reboot the PC when it is donePlease post the OTL fix log in your next reply. Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles Link to post Share on other sites More sharing options...
TomyB Posted August 6, 2012 Author ID:581292 Share Posted August 6, 2012 ok. On a side note, will I be able to reinstall uTorrent by the end of this?All processes killedError: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}I> in the current context!Error: Unable to interpret <E - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595d[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comO2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon:filesC:\Program > in the current context!Error: Unable to interpret <Files (x86)\YontooC:\Program Files (x86)\uTorrentipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!OTL by OldTimer - Version 3.2.56.0 log created on 08062012_160617Files\Folders moved on Reboot...PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Maniac Posted August 6, 2012 ID:581324 Share Posted August 6, 2012 ok. On a side note, will I be able to reinstall uTorrent by the end of this?We do not suggest that.http://forums.malwarebytes.org/index.php?showtopic=97700Your script was not working, because should looks like in OTL like this here::OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595d[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comO2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon:filesC:\Program Files (x86)\YontooC:\Program Files (x86)\uTorrentipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]Every entrie should be on a new line. Link to post Share on other sites More sharing options...
TomyB Posted August 7, 2012 Author ID:581731 Share Posted August 7, 2012 I asumed you wanted me to copy the code into OTL and to run a fix. If this is the case, here is the results of the fix procedure.All processes killedError: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678IE - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}I> in the current context!Error: Unable to interpret <E - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109217&tt=280612_7_&babsrc=SP_ss&mntrId=a883be400000000000008ca98265595d[2012/07/02 15:11:14 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.comO2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.O4 - HKU\S-1-5-21-1677838086-1244034719-3675916251-1001..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found[2012/07/02 15:10:37 | 000,000,000 | ---D | M] -- C:\Users\Tommy-\AppData\Roaming\Babylon:filesC:\Program > in the current context!Error: Unable to interpret <Files (x86)\YontooC:\Program Files (x86)\uTorrentipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!OTL by OldTimer - Version 3.2.56.0 log created on 08072012_191756Files\Folders moved on Reboot...PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Maniac Posted August 7, 2012 ID:581757 Share Posted August 7, 2012 Yes, but take a look how is your script again. I said that every entry i.e. this entrie::OTLOn the second line, under the first line should be this entrie:IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}And so on.Did you understand me now? Link to post Share on other sites More sharing options...
TomyB Posted August 13, 2012 Author ID:584544 Share Posted August 13, 2012 I am afraid your services may no longer be required, as I may have, somehow, resolved the problem. Link to post Share on other sites More sharing options...
Maniac Posted August 14, 2012 ID:584902 Share Posted August 14, 2012 Thanks for letting me know! Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 14, 2012 ID:584971 Share Posted August 14, 2012 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts