Google re-direct: infected

[brinkmann]

I think I may have been infected by google-redirect, am getting redirected to some random marketing pages from a google search and from other sites. I am also getting random pop-ups, on IE and Firefox.

I have run a Malwarebytes scan; I attach the two files, as stated in your guide.

I apologise from for the torrent programme, I will unistall immediately at your instructions.

I would be grateful for any assistance, thanks.

Attach.txt

DDS.txt

[MrCharlie]

Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[brinkmann]

Thanks for replying. P-2-P's uninstalled.

Report:

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Geraint [Admin rights]

Mode : Scan -- Date : 09/18/2012 21:27:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

72.29.93.243 www.google-analytics.com.

72.29.93.243 ad-emea.doubleclick.net.

72.29.93.243 www.statcounter.com.

64.27.10.42 www.google-analytics.com.

64.27.10.42 ad-emea.doubleclick.net.

64.27.10.42 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++

--- User ---

[MBR] 9bec5b53d4f538d29e782d0336f03306

[bSP] 229d36670a442efe1966c29086e3648f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249899 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512000000 | Size: 465402 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[MrCharlie]

Run RogueKiller again and click Scan

When the scan completes ..............

Click Fix Host on the right hand column under Options

Please read the directions carefully so you don't end up deleting something that is good!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next.........

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[brinkmann]

2 files attached

TDSSKiller.2.8.10.0_18.09.2012_21.42.29_log.txt

TDSSKiller.2.8.10.0_18.09.2012_21.45.05_log.txt

[MrCharlie]

Is there any improvement?? MrC

[brinkmann]

Firefox seems to be working fine, on IE facebook and youtube are loading, but not fully, but have not seen a pop up yet after 15 minutes. I'll see how it goes tomorrow and report back? Thanks

[brinkmann]

Just as I posted the above, a small pop up came up on Firefox for a slot machine game, no not fixed yet

[MrCharlie]

Please create a new system restore point before you run ComboFix.

If after running ComboFix you can't connect to the internet, please use that system restore point and that will correct the problem.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[brinkmann]

I ran combofix, but it ran all night, did not end and there was no report. Pc was then slow with no internet, so I restored to pre combofix. Restore was a 'catastrophic failure 0X08000FFFF'. Pc now appears ok, but can'tconnect to internet. I must have done something wrong?

[MrCharlie]

Is this a wireless network?

See if you can restore the registry by double clicking on erdnt.exe

C:\Windows\ERDNT\hiv-backup\erdnt.exe

Reboot and let me know, MrC

[brinkmann]

I restored, but there were a lot of error messages about not being able to back up files.

I have Ethernet broadband.

The PC is being crippled by processes running in the background, like CCC.exe, physical memory usage is at 96%, CPU usage at 72%, without opening any programmes after reboot.

[MrCharlie]

It stands for “Catalyst Control Center”, part of your video card.

Was the connection restored? MrC

[brinkmann]

No connection. It appears enabled, but does not recognise the network? It works fine with wireless to my phone.

[MrCharlie]

Look through this guide and see if any of it works:

http://www.dummies.com/how-to/content/how-to-repair-a-network-connection-in-windows-7.html

MrC

[brinkmann]

The problem is identified by troubleshooter as Local area connection doesn't have valid IP configuration. PC bartely functions now, so slow. Save me MrC!

[MrCharlie]

Download and install Complete Internet Repair (it will just install to a folder)

http://www.datum-for...ownloads/?did=4

Open up the folder and run CIntRep.exe

Put a check in the first 4 boxes

Now Hit Go

When done > Reboot

See if it works now.

MrC

[brinkmann]

No still doesn't work

[brinkmann]

The physical memory and CPU are so high its difficult to do anything now and I have to reboot a lot as things freeze. Why has this happened, is it caused by the virus? I'm very worried about losing files. Thanks.

[brinkmann]

Update: I am advised by my internet provider that the routers Ethernet is broken, they are sending me a new router. Is there anything I can do until I receive it? Thanks.

[MrCharlie]

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[brinkmann]

OTL logfile created on: 19/09/2012 22:27:58 - Run 1

OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Geraint\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 6.25% Memory free

8.00 Gb Paging File | 1.53 Gb Available in Paging File | 19.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 244.04 Gb Total Space | 24.06 Gb Free Space | 9.86% Space Free | Partition Type: NTFS

Drive F: | 454.49 Gb Total Space | 452.59 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

Computer Name: GERAINT-PC | User Name: Geraint | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/19 22:27:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Geraint\Desktop\OTL.exe

PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Geraint\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/02/14 22:43:04 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe

PRC - [2011/01/03 23:20:54 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2010/11/24 18:59:22 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010/07/20 17:59:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe

PRC - [2010/07/15 18:06:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/03/07 16:57:42 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2008/06/03 12:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe

PRC - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe

PRC - [2008/05/15 16:30:36 | 000,688,128 | ---- | M] (Hauppauge Inc.) -- C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe

PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/08/06 23:17:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2010/07/20 17:59:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/07/15 18:06:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/07 16:57:42 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/06/02 16:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files (x86)\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)

SRV - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\EPG Services\System\EPGService.exe -- (EPGService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/09/12 20:51:36 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)

DRV:64bit: - [2011/05/11 18:50:34 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)

DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/15 18:06:41 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)

DRV:64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/10 04:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/05 10:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/05/22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/14 02:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/05/05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2008/07/28 20:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)

DRV:64bit: - [2008/04/19 00:27:30 | 000,214,528 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (HCW88BDA)

DRV:64bit: - [2008/04/19 00:27:04 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)

DRV:64bit: - [2008/04/19 00:27:00 | 000,338,304 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)

DRV:64bit: - [2008/04/19 00:26:34 | 000,437,888 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 27 0A 4F CC 9A CA 01 [binary data]

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\SearchScopes,DefaultScope = {66F1835E-34C6-4AB6-BC47-E98A78F29623}

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\SearchScopes\{66F1835E-34C6-4AB6-BC47-E98A78F29623}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADFA_enGB454

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.15.1.0

FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.36.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.6.0.10

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/03 23:20:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/06 23:17:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/11 09:03:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/06 23:17:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/11 09:03:14 | 000,000,000 | ---D | M]

[2010/01/29 19:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geraint\AppData\Roaming\Mozilla\Extensions

[2012/08/22 13:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geraint\AppData\Roaming\Mozilla\Firefox\Profiles\wjgfkev2.default\extensions

[2012/08/22 13:30:45 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Geraint\AppData\Roaming\Mozilla\Firefox\Profiles\wjgfkev2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2010/02/20 16:45:07 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Geraint\AppData\Roaming\Mozilla\Firefox\Profiles\wjgfkev2.default\extensions\battlefieldheroespatcher@ea.com

[2010/02/20 16:41:47 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Geraint\AppData\Roaming\Mozilla\Firefox\Profiles\wjgfkev2.default\extensions\iaplayer@instantaction.com

[2012/07/11 09:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/08/06 23:17:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/05/03 22:29:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/07/11 09:03:12 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/07/11 09:03:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/11 09:03:12 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/07/11 09:03:12 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/07/11 09:03:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/07/11 09:03:12 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/09/19 00:01:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EPGServiceTool] C:\Program Files (x86)\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - Startup: C:\Users\Geraint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Geraint\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989585D5-D26E-47C5-9D66-E5F25CED6951}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{997753B4-D0A9-42D1-918E-C913C3485A66}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE012F8D-9C2D-44F7-814D-5DC18C937EE0}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 22:25:54 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Geraint\Desktop\OTL.exe

[2012/09/19 20:13:33 | 000,000,000 | ---D | C] -- C:\Users\Geraint\Desktop\Complete Internet Repair

[2012/09/19 09:29:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/09/19 09:18:59 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/09/18 23:59:36 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/09/18 23:53:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/18 23:53:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/18 23:53:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/18 23:52:59 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/18 23:52:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/18 23:52:17 | 004,753,249 | R--- | C] (Swearware) -- C:\Users\Geraint\Desktop\ComboFix.exe

[2012/09/18 21:42:09 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Geraint\Desktop\tdsskiller.exe

[2012/09/18 21:22:13 | 000,000,000 | ---D | C] -- C:\Users\Geraint\Desktop\RK_Quarantine

[2012/09/18 18:09:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Geraint\Desktop\dds.scr

[2012/09/18 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Geraint\AppData\Roaming\Malwarebytes

[2012/09/18 18:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/18 18:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/09/18 18:00:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/18 18:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/16 13:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite

[2012/09/16 13:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2012/09/16 13:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software

[2012/09/16 13:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs

[2012/09/16 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Geraint\AppData\Roaming\NCH Software

[2012/08/27 15:22:53 | 000,000,000 | ---D | C] -- C:\Users\Geraint\Documents\TY

========== Files - Modified Within 30 Days ==========

[2012/09/19 22:34:24 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/19 22:34:22 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/19 22:27:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Geraint\Desktop\OTL.exe

[2012/09/19 22:24:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/19 22:24:35 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/19 20:43:05 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/19 20:43:05 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/19 20:43:05 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/19 20:02:32 | 000,650,870 | ---- | M] () -- C:\Users\Geraint\Desktop\comintrep.exe

[2012/09/19 17:47:42 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat

[2012/09/19 12:11:52 | 000,007,628 | ---- | M] () -- C:\Users\Geraint\AppData\Local\Resmon.ResmonCfg

[2012/09/19 00:01:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/09/18 23:52:28 | 004,753,249 | R--- | M] (Swearware) -- C:\Users\Geraint\Desktop\ComboFix.exe

[2012/09/18 23:10:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/09/18 21:44:15 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/18 21:42:13 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Geraint\Desktop\tdsskiller.exe

[2012/09/18 21:26:10 | 001,378,816 | ---- | M] () -- C:\Users\Geraint\Desktop\RogueKiller(1).exe

[2012/09/18 18:09:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Geraint\Desktop\dds.scr

[2012/09/18 18:00:01 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/18 17:44:26 | 095,176,936 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2012/09/18 16:48:28 | 000,001,441 | ---- | M] () -- C:\Users\Geraint\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/09/18 16:46:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/09/18 16:46:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/09/16 13:46:49 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Express Scribe.lnk

[2012/09/13 23:47:53 | 000,078,224 | ---- | M] () -- C:\Users\Geraint\AppData\Local\soulseek-client.dat

[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/04 21:05:30 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/09/19 20:02:43 | 000,650,870 | ---- | C] () -- C:\Users\Geraint\Desktop\comintrep.exe

[2012/09/19 17:47:42 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat

[2012/09/19 12:11:52 | 000,007,628 | ---- | C] () -- C:\Users\Geraint\AppData\Local\Resmon.ResmonCfg

[2012/09/18 23:53:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/18 23:53:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/18 23:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/18 23:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/18 23:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/18 21:26:09 | 001,378,816 | ---- | C] () -- C:\Users\Geraint\Desktop\RogueKiller(1).exe

[2012/09/18 18:00:01 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/18 16:46:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/09/18 16:46:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/09/16 13:46:49 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk

[2012/09/16 13:46:49 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Express Scribe.lnk

[2012/08/08 16:50:59 | 000,078,224 | ---- | C] () -- C:\Users\Geraint\AppData\Local\soulseek-client.dat

[2012/02/26 15:23:41 | 000,003,584 | ---- | C] () -- C:\Users\Geraint\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/02 21:22:34 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2012/01/02 21:22:34 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2012/01/02 21:22:14 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll

[2010/04/26 22:36:45 | 000,396,518 | ---- | C] () -- C:\Users\Geraint\madFlac-1.8.zip

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2011/01/19 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\.minecraft

[2012/02/21 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Abvent

[2012/02/21 00:31:51 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Abvent_Artlantis4

[2010/05/16 14:55:55 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Amazon

[2011/09/21 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Azureus

[2010/06/15 21:26:00 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Digital Distribution Networks Ltd

[2012/09/19 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Dropbox

[2012/03/31 13:43:42 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Ebly

[2012/04/17 18:22:33 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Graphisoft

[2010/11/29 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\ICAClient

[2012/04/17 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Install.GS

[2012/04/04 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Kanauw

[2012/07/09 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Spotify

[2012/01/02 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\ubi.com

[2012/09/18 21:20:30 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\uTorrent

[2011/11/18 16:05:00 | 000,000,000 | ---D | M] -- C:\Users\Geraint\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

[brinkmann]

OTL Extras logfile created on: 19/09/2012 22:27:58 - Run 1

OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Geraint\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 0.25 Gb Available Physical Memory | 6.25% Memory free

8.00 Gb Paging File | 1.53 Gb Available in Paging File | 19.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 244.04 Gb Total Space | 24.06 Gb Free Space | 9.86% Space Free | Partition Type: NTFS

Drive F: | 454.49 Gb Total Space | 452.59 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

Computer Name: GERAINT-PC | User Name: Geraint | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{050236A2-90F3-4D08-A41B-C39106CF8CF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{098D467D-A8D2-4F50-BB28-4E9B7BACD37F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0CFFD6A8-9669-4795-808E-1B1A60914DAD}" = lport=137 | protocol=17 | dir=in | app=system |

"{0E4DFA89-C192-4D3D-B94A-2F93EBB656CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{145AB1E6-10F8-4B8F-8A8B-F50DF54AA392}" = lport=139 | protocol=6 | dir=in | app=system |

"{147993DC-5148-46D2-A65F-F3058A6B25FF}" = rport=139 | protocol=6 | dir=out | app=system |

"{1CF6E97B-8A33-4DBB-A6C6-CDABE78D5ACC}" = rport=137 | protocol=17 | dir=out | app=system |

"{1F9574A0-FFD2-4997-8703-FD06A9B8B0C6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{289DC59E-CCD0-407F-8305-C1CF960E942F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{2FEFFC6D-A2A5-47D0-ACD2-CD269A2B9522}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{31B2981E-9DE4-4FD5-9F0A-BEC1C730CD3D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{34DF0DE0-94BD-4552-B693-2FDC1C67112D}" = rport=10243 | protocol=6 | dir=out | app=system |

"{3831A98A-624D-439C-80EF-D73AE1B5BD45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{54245F76-4942-41DD-A5EA-10195B7A9397}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{545D576E-CF66-4947-9A1D-BB1E804A2280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{62931BA4-1C88-4852-B427-35CE824C3146}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{6A20C9CB-B168-4022-8C5E-8F9F07EE8A60}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6CE9F3AD-0D80-4E27-8A4A-9F9A2D4618BD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{6F167703-A5EA-4D78-B378-3133EC5E1AE9}" = rport=445 | protocol=6 | dir=out | app=system |

"{93E0CC63-D9F3-410F-B55F-4034A3E0F3BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9468AFBE-2AD4-49ED-96FC-39342E449832}" = lport=445 | protocol=6 | dir=in | app=system |

"{9C2996A6-EFDD-4712-A356-0A99CF637204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A95E7894-836D-42AD-8255-8D18B851EB0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{ADE87BCB-B7DA-4248-8EFB-F1110FCA2A4F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AF8608B4-E5CB-4484-BD25-50984E286A79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B17A2E49-DA29-48A4-93F0-BFA9F74E4BAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B213EA9F-4F7C-4250-9B5E-17028C889350}" = lport=138 | protocol=17 | dir=in | app=system |

"{C9FDBBDA-6988-4836-B5D1-9C0DD2C860F2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{ED727B01-45FD-418B-86D0-BBE6AEC25F7A}" = rport=138 | protocol=17 | dir=out | app=system |

"{EE1D46D8-0929-4431-AD5C-190540461290}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{F69DF5C9-A3AF-478B-BA79-BEB64E4D3A76}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F85B55B5-1E3A-4F73-9336-59076155F913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FC4B9075-5C05-4913-BBAD-EA866B872013}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{FD79A6C1-758A-4891-AF8F-8168EA2B8A17}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{077E3CCA-588D-4250-9F15-9BD0F2DF5BBC}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |

"{0F83C41B-4C15-47AE-BD9F-1CB5AAEDE672}" = protocol=17 | dir=in | app=c:\users\geraint\appdata\roaming\dropbox\bin\dropbox.exe |

"{1390D5F7-5752-45FB-8515-5FA9C2A9E92B}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |

"{20C49699-5616-48B2-9710-101E45909D87}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{29DA9659-8E60-414F-925A-B1D844AA7C00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2CF1E7D6-1EC7-4602-B70A-90CA358DD372}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{2FCC4C12-7DE6-451D-94C0-BDEDDD2BFC14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{33585406-7B70-482B-9150-DF9508269350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{399E12DD-6060-4276-93E2-12607A67E332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3F0B692A-2F97-4351-AC84-5C723F6AACA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{40645780-3875-4EB3-9C35-35E1E9F84DA8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{41590782-6D78-4B8F-BAF6-CA9992523030}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{4A68EC59-FB6E-4676-A8D8-A96A68DEBFB6}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |

"{4DE1ED57-B020-47B5-8797-DDDD67D1A894}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4FB2BA3D-77F6-42F4-B625-0FA12455AF71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4FB3949E-6A74-465E-9256-E765940F60CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{51E6DF81-1B10-4C58-9B62-4FAF9D007742}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |

"{6104D155-A05F-47E3-819A-185A463DD111}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6700F865-0C90-4D6A-91DA-E3E4006BDBF7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{6C2BC450-3E92-44CC-891A-B7F0B9133F1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6CAEF3E0-E444-4891-B059-D7443FE515F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6E58628B-1928-4451-A474-B2F201F71ECC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{739BC2CC-E067-49F9-ACAF-6FA869FB9515}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{7BF9B6C1-91CF-4A2F-B221-38E60FAB8D18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{8623EB33-6EDE-4593-81B0-8150948C189C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{89C3A4AC-30C4-4748-8FE9-976D32512463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{908493F7-D4B8-4F4D-BA21-E481B852493B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9213FB2A-E015-479F-9267-2744BC96731F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{92A06C61-265A-4F29-A90D-4789C39612BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{9C4D5E2A-5824-4DFF-8D6C-7EA391CD0EB2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{9ECE04E1-CFAA-4CE6-B3F0-1FF9B65573C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{9F91F0FF-7F2E-4DC7-9C1D-11CC0D832DF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A774FEE0-2A7E-48B9-A5EB-5F21ECC47C91}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |

"{B0AFB70F-5614-4019-BEAE-08782D4BCD88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B153F82F-6676-4A0E-A588-1EECBCBE4FAF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{BA2D9DB8-516E-4A4F-AAA3-F01ED3A7956E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{BBF3CE25-CFF5-4922-897B-4015FCD608EB}" = protocol=6 | dir=out | app=system |

"{C0725D8C-58C0-4DBA-AF41-DE7990547C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C1AFAF64-C694-4ECB-ADBB-1F032CA3C437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C79ACF84-FC52-4822-94FB-D475BE0F83F1}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{CAD08F71-5DBC-4600-BF98-1D663A81CA9D}" = protocol=6 | dir=in | app=c:\users\geraint\appdata\roaming\dropbox\bin\dropbox.exe |

"{CC4EF6A6-AB99-47F3-A133-34DC4AB27E6C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{CC55E8CA-6DC6-4A8D-82FF-81ADC2F72F77}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |

"{CEDE1497-97EF-4AB9-9A9B-741B31805A56}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D6EB6599-F4A3-4843-8DDE-D3ABD200464B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{DCADE909-AE4E-4BB7-8B49-8B65DDDFC5C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E79E636D-1A24-4612-B43C-E3C4C7FDF6DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7C68682-DBD2-4A9F-A7E8-5B59A2DDC200}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{F95CB322-13A7-444C-930D-471807F93D2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"TCP Query User{0A60B33B-7594-4FF0-A2A4-85F23B5AB85A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{120BA38D-E5CF-4EF4-9661-163A88CD91B5}C:\users\geraint\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\geraint\appdata\roaming\spotify\spotify.exe |

"TCP Query User{146DE6B7-0179-4059-83EA-414F995131E8}C:\program files (x86)\soulseekqt\soulseekqt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekqt\soulseekqt.exe |

"TCP Query User{7950FD8F-3DE9-4363-B86B-8DC7DE25BB77}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |

"TCP Query User{7F53EA44-6B2B-428D-8740-A9E7C1767B1F}C:\program files\graphisoft\archicad 15\licensefilegenerator.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 15\licensefilegenerator.exe |

"TCP Query User{9B9EAF23-1A08-4F16-AB2C-7CE6C9198F4E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |

"TCP Query User{AC956375-67D5-49E1-82D2-309E6A0D3A88}C:\users\geraint\appdata\roaming\kanauw\igen.exe" = protocol=6 | dir=in | app=c:\users\geraint\appdata\roaming\kanauw\igen.exe |

"TCP Query User{C770B3F1-C9B6-44C4-8481-BC521A7B4494}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"TCP Query User{CB8691CB-F5A3-4AEA-9383-9239DCBCCF6A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{D2453F8B-7B93-4E7D-8804-8D32237AB73F}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"TCP Query User{E0C83AA2-6FF4-42C5-9536-133E5C576480}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"TCP Query User{EFD56917-9EA4-4636-8C31-E9C83E0ACCB7}C:\program files\artlantis studio 4\qtsocketserver.exe" = protocol=6 | dir=in | app=c:\program files\artlantis studio 4\qtsocketserver.exe |

"TCP Query User{F7F8E950-BE9D-4EED-BDBC-1F296CE1B03A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

"UDP Query User{206603DF-FD25-4386-91D6-CB91E200CACD}C:\program files\artlantis studio 4\qtsocketserver.exe" = protocol=17 | dir=in | app=c:\program files\artlantis studio 4\qtsocketserver.exe |

"UDP Query User{3B26B472-A751-41F8-9004-015056AF276A}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"UDP Query User{5FDA92ED-1420-442F-ADD6-83ACE77A0F86}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

"UDP Query User{7C849A92-5BDC-4695-8951-6CE7CBD7987F}C:\program files (x86)\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\dawn of war\w40k.exe |

"UDP Query User{94C67F12-E08F-4A9A-8865-0031B7F7B6B7}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |

"UDP Query User{94F018F6-E829-419A-9127-CCE075D76B1C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

"UDP Query User{A0CCA66D-3B55-4976-8A35-63EAB06274F2}C:\program files (x86)\soulseekqt\soulseekqt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekqt\soulseekqt.exe |

"UDP Query User{A966F7DC-19D6-49E2-88F4-5DBA7091A06E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{AF987409-9F23-4382-87DF-985BB3604DD3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{BA61AE2B-B2A3-4762-8BDA-195E07269E16}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

"UDP Query User{C3BAF996-138B-4570-84EF-D12E4E4EA906}C:\program files\graphisoft\archicad 15\licensefilegenerator.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 15\licensefilegenerator.exe |

"UDP Query User{C8233A2E-F933-4BFC-9A82-6CCE91AF34D3}C:\users\geraint\appdata\roaming\kanauw\igen.exe" = protocol=17 | dir=in | app=c:\users\geraint\appdata\roaming\kanauw\igen.exe |

"UDP Query User{EA171F79-FBC4-47A2-829D-862B7F31C730}C:\users\geraint\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\geraint\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0ADCC771-E663-00D5-C381-C152F0F4D391}" = ATI AVIVO64 Codecs

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2729DB28-1CDC-EB41-A806-35D0AA7A8A72}" = ATI Catalyst Install Manager

"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{904977E6-32FF-CBF5-1A45-533967D3A472}" = ccc-utility64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2

"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04C283E4-7FB0-417C-26DD-4AF656A0DECA}" = Catalyst Control Center Graphics Full New

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{13C24BBC-F194-C886-C993-93CDA31EF5EE}" = CCC Help Turkish

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18550D66-9E2F-E996-4374-922CE5136D2B}" = CCC Help English

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2491C25B-5BDF-139A-20BC-C081DCBF653D}" = CCC Help German

"{2585FE80-3666-B768-93B2-A7585C4BB2B1}" = ccc-core-static

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{27A07F33-EADC-8971-6D13-6263D4E90809}" = CCC Help Finnish

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{32ABC0EB-8F69-B431-49F5-5C1150E7B7C7}" = Catalyst Control Center Graphics Previews Common

"{39AF8F9C-FAF2-2012-C5A2-8AD0B6DE3B95}" = CCC Help Hungarian

"{3B2A1453-E69E-5F62-AA11-AB09A4E962AD}" = Catalyst Control Center InstallProxy

"{3BCE3FDF-4A7A-FBAC-65B3-F517DF651076}" = CCC Help Swedish

"{46157EFF-B576-CA93-0DE0-41B6B5406432}" = CCC Help Italian

"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5592EAD5-22E8-9AEC-0A8F-19D0EDFD88F0}" = Catalyst Control Center Graphics Light

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C62F4FE-E4FB-7193-C1B4-B6A8A557BFDE}" = CCC Help Danish

"{5EA4D0FB-6988-A40B-BC17-10D5F2D70225}" = CCC Help Greek

"{63B3C1C7-CE1A-F2A8-229F-8ED4BE8AF38B}" = Catalyst Control Center Core Implementation

"{6469F22F-63C7-527E-32EE-F8DCB8E711A8}" = CCC Help Spanish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73688255-C643-AFBA-C1AA-8849599838C7}" = CCC Help French

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80081D11-89C4-F3A5-68D0-024498FBC7BF}" = CCC Help Chinese Traditional

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes

"{8DD28683-B0FB-3562-8AC1-B3E478E6A3E0}" = CCC Help Polish

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles

"{8F1DA256-8440-A54D-914D-BAE11062F354}" = CCC Help Russian

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{994A45A7-506C-B1A2-C1E4-CE5CA33D3653}" = CCC Help Thai

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A10F7877-4276-416C-9F22-CB56C0CB2700}" = Medieval - Total War - Gold Edition

"{A176E83C-9514-A97E-7536-9BDEAC180198}" = CCC Help Norwegian

"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com

"{B7988138-1065-5B78-3C8A-98A53EE9EF6D}" = CCC Help Chinese Standard

"{B9A7A351-6C55-697A-8919-9BF7EFED05B3}" = Catalyst Control Center Graphics Full Existing

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision

"{CA97E53B-2E94-6602-2956-C2D37B91ECE3}" = CCC Help Portuguese

"{CC6E0CC3-0C86-B773-4D82-8188FB91E62E}" = CCC Help Korean

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}" = MediaImpression 2.0 for PENTAX

"{D6421134-78C3-8E9D-1512-5BA1B2088DCF}" = CCC Help Dutch

"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center

"{DA9C6CBF-8955-966B-3A87-62AFA677C292}" = CCC Help Czech

"{DB30B278-35EF-2836-B6EC-37639BBBF215}" = Catalyst Control Center HydraVision Full

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E899BF79-446D-C365-81D7-901D30C58206}" = CCC Help Japanese

"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin

"{F08C8A50-8061-2B2A-C0F9-F0715740DE4A}" = Catalyst Control Center Graphics Previews Vista

"{FAE94B77-CBC4-AA4D-676B-1588EFA5C1CE}" = Catalyst Control Center Localization All

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9

"AVG9Uninstall" = AVG Free 9.0

"DivX 5.0.2 Bundle" = DivX 5.0.2 Bundle

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources

"Hauppauge WinTV" = Hauppauge WinTV

"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service

"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote

"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler

"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles

"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility

"Karen's Clipboard Viewer" = Karen's Clipboard Viewer

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 12.0" = RealPlayer

"Scribe" = Express Scribe

"Spotify" = Spotify

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3668696257-3386386667-2392577921-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 28/10/2011 17:22:50 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".

Dependent

Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/10/2011 17:22:55 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".

Dependent

Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/10/2011 19:30:12 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 30/10/2011 17:57:33 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/10/2011 15:03:53 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 02/11/2011 16:12:01 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 03/11/2011 16:17:35 | Computer Name = Geraint-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,

time stamp: 0x4ce79912 Faulting module name: Flash11c.ocx, version: 11.0.1.152, time

stamp: 0x4e7d1782 Exception code: 0xc0000005 Fault offset: 0x001b0b5c Faulting process

id: 0x8f8 Faulting application start time: 0x01cc9a5ad98c9527 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\Macromed\Flash\Flash11c.ocx Report Id: dd7598f1-0658-11e1-b57c-002618e8326c

Error - 05/11/2011 08:33:23 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 07/11/2011 17:24:39 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".

Dependent

Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 07/11/2011 17:24:52 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll".

Dependent

Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 08/11/2011 15:15:12 | Computer Name = Geraint-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

[ Media Center Events ]

Error - 25/07/2011 17:08:25 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 22:08:21 - Error connecting to the internet. 22:08:21 - Unable

to contact server..

Error - 16/09/2011 13:44:18 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 18:44:18 - Error connecting to the internet. 18:44:18 - Unable

to contact server..

Error - 16/09/2011 13:44:53 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 18:44:40 - Error connecting to the internet. 18:44:40 - Unable

to contact server..

Error - 23/09/2011 12:53:24 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 17:53:24 - Error connecting to the internet. 17:53:24 - Unable

to contact server..

Error - 23/09/2011 12:54:05 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 17:53:53 - Error connecting to the internet. 17:53:53 - Unable

to contact server..

Error - 04/10/2011 03:16:37 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 08:16:36 - Error connecting to the internet. 08:16:36 - Unable

to contact server..

Error - 23/10/2011 14:26:20 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 19:26:20 - Error connecting to the internet. 19:26:20 - Unable

to contact server..

Error - 23/10/2011 14:27:01 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 19:26:49 - Error connecting to the internet. 19:26:49 - Unable

to contact server..

Error - 20/11/2011 11:28:12 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 15:28:12 - Error connecting to the internet. 15:28:12 - Unable

to contact server..

Error - 20/11/2011 11:28:45 | Computer Name = Geraint-PC | Source = MCUpdate | ID = 0

Description = 15:28:19 - Error connecting to the internet. 15:28:19 - Unable

to contact server..

[ System Events ]

Error - 19/09/2012 17:52:49 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:49 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

Error - 19/09/2012 17:52:50 | Computer Name = Geraint-PC | Source = Service Control Manager | ID = 7023

Description = The IPsec Policy Agent service terminated with the following error:

%%10044

< End of report >

[MrCharlie]

Not much showing.....

Please do this:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  
  :OTL
  IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
  O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  :Commands
  [EMPTYJAVA]
  [emptytemp]
  [EMPTYFLASH]
  

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  

MrC

[brinkmann]

All processes killed

Error: Unable to interpret <:OTL IE - HKU\S-1-5-21-3668696257-3386386667-2392577921-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. :Commands [EMPTYJAVA] [emptytemp] [EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.2.64.0 log created on 09202012_101441

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Performance better today, physical memory down to 32% from 98%