Met Police ransom. JPEG and PDF files won't open

richy (thread author, New Member; joined Jan 19, 2013; 23 posts):
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9D7C8411-0A4D-43BF-BA5E-30B37B65B3EB}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
File G:\Windows\SysNative\user32.dll successfully replaced with G:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\Users\Richard\Desktop\cmd.bat deleted successfully.
G:\Users\Richard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Richard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 66345 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6245303 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

G:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01202013_014705

Files\Folders moved on Reboot...
G:\Users\Richard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
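The fix log above restored user32.dll from the WinSxS component store. The check below is an added example, not part of the thread or of OTL: it hashes a live system DLL and every WinSxS copy of the same component and reports which stored version, if any, the live file matches. The only thing it relies on from the log is the WinSxS directory naming (architecture, component, public key token, version, language, hash); the component name, paths and the demo layout are its own constructed inputs.

```python
"""Compare a live system DLL with the WinSxS copies of the same component.

Added example, not part of the original thread or of OTL. Assumes the
WinSxS directory naming visible in the log line for user32.dll
(<arch>_<component>_<publickeytoken>_<version>_<lang>_<hash>); the live
file, WinSxS root and component name are arguments.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large DLLs are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def winsxs_copies(winsxs_root, component, filename):
    """Yield every WinSxS copy of `filename` whose component directory name
    contains `component` (e.g. 'microsoft-windows-user32'), across all
    installed versions of that component."""
    for entry in sorted(Path(winsxs_root).iterdir()):
        if entry.is_dir() and component.lower() in entry.name.lower():
            candidate = entry / filename
            if candidate.is_file():
                yield candidate


def check_against_winsxs(live_path, winsxs_root, component):
    """Hash the live file and each stored copy; report which copies match."""
    live = Path(live_path)
    live_hash = sha256_of(live)
    copies = {str(p): sha256_of(p)
              for p in winsxs_copies(winsxs_root, component, live.name)}
    matches = [p for p, h in copies.items() if h == live_hash]
    return {
        "live": str(live),
        "live_sha256": live_hash,
        "winsxs_copies": copies,
        "matches": matches,
        "ok": bool(matches),
    }


def demo():
    """Constructed layout (not a real system): one component directory named
    like the one in the log, a live copy identical to it, and a second live
    copy with one byte patched. Returns the two check results."""
    root = Path(tempfile.mkdtemp())
    comp = (root / "winsxs" /
            "amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973")
    comp.mkdir(parents=True)
    good = b"MZ" + b"\x00" * 62 + b"stand-in for user32.dll"
    (comp / "user32.dll").write_bytes(good)

    clean = root / "System32_clean"
    clean.mkdir()
    (clean / "user32.dll").write_bytes(good)

    patched = root / "System32_patched"
    patched.mkdir()
    (patched / "user32.dll").write_bytes(good[:-1] + b"!")

    return (
        check_against_winsxs(clean / "user32.dll", root / "winsxs", "microsoft-windows-user32"),
        check_against_winsxs(patched / "user32.dll", root / "winsxs", "microsoft-windows-user32"),
    )


if __name__ == "__main__":
    for result in demo():
        print("OK      " if result["ok"] else "MISMATCH", result["live"], result["live_sha256"][:16])
```

A mismatch is a pointer, not proof: the live file may simply be a newer hotfix build than any copy left in the store, and a stored copy could itself have been altered. The authoritative check is the Authenticode signature or `sfc /verifyfile=<path>`; this comparison is for quick triage of the file a fix script just replaced.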

Fiery (Level 1; joined Jan 11, 2011; 2,007 posts):
When you ran OTL for the first time, there should be another log called Extras.txt

Can you find that file? Check your Desktop or C:\_OTL. If not, open OTL and, under Extra Registry, select All, then click Run Scan.

You only need to post the Extras.txt

richy (thread author, New Member; joined Jan 19, 2013; 23 posts):
OTL Extras logfile created on: 1/19/2013 4:02:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Users\Richard\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.70% Memory free
7.96 Gb Paging File | 5.98 Gb Available in Paging File | 75.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 81.78 Gb Free Space | 83.75% Space Free | Partition Type: NTFS
Drive D: | 86.01 Gb Total Space | 13.85 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
Drive F: | 650.19 Gb Total Space | 556.25 Gb Free Space | 85.55% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 6.03 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
Drive J: | 1.89 Gb Total Space | 0.12 Gb Free Space | 6.37% Space Free | Partition Type: FAT

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- G:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- G:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2379537864-1206443918-4236817830-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "F:\My Program Files\firefox.exe" -osint -url "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "G:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "G:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "G:\Windows\System32\rundll32.exe" "G:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "G:\Windows\System32\rundll32.exe" "G:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "G:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "G:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049AB641-4ABA-4236-9B2A-DAF8536C55EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06E584C3-0067-4A81-914E-A39583AD7192}" = rport=445 | protocol=6 | dir=out | app=system |
"{094AF82A-14BC-4B53-91CA-9EE836C3AB8F}" = rport=1701 | protocol=17 | dir=out | app=system |
"{10618537-8D33-495C-A093-C0EE65516D5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1464B432-D479-4CD6-A210-77594FDE998D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{2EB10174-5BB2-4DE2-BBE4-0712F674998B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{306C29FA-6500-44F8-AC69-9096ECB2F2A1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{3579F916-728A-4F9C-A03C-AAB3ADB15914}" = lport=138 | protocol=17 | dir=in | app=system |
"{35DC6ADC-243F-4C91-BEA7-73A408DCBB07}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36E66109-FA4B-494F-8FB3-389F528C29A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{491A69B3-C05C-4E26-B779-3A0DA300A3F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{583DF51E-FC80-4E8F-9079-0429A5878766}" = rport=139 | protocol=6 | dir=out | app=system |
"{59EACFA4-B5EF-418A-A038-DB54E8D3AA97}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{62411E4C-4510-4993-AB37-A0E27D1132A9}" = lport=1701 | protocol=17 | dir=in | app=system |
"{6503F5D4-E955-4B7C-A290-C06577CB775E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6DAEEC27-98D2-466E-A54F-C220635B7FC7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=g:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6E6CC87F-D963-47BC-AD41-8587E6920A5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E7FEE7B-198A-4FC6-9077-562F5EC2EA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{726ADD9C-4801-4F32-9C2F-EBB2E945C878}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{78D02680-740D-434B-B9A5-6C424FF736AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91B8DAB5-177A-4409-AE87-4B36210C044A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5299067-B027-40C7-8BD5-0A8276DE520D}" = lport=1723 | protocol=6 | dir=in | app=system |
"{A6A8420B-E7F8-42FE-B58D-4DA7F6AD880E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AD224E01-8AE4-41A4-A92B-D57D30B7AE19}" = rport=1723 | protocol=6 | dir=out | app=system |
"{BAA04EB8-97A3-42F4-BFA6-BCE4F74DC726}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB9DB777-7930-4351-9D20-CFD39C79FF60}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D1FC91AE-03C4-4946-8794-8821F3FDEC0B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2D8A386-0BFE-4992-80A8-24E0ACE45B24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D77BDC63-FAA9-462D-A141-0DA5CFE25906}" = rport=138 | protocol=17 | dir=out | app=system |
"{E801C66B-FCCD-4864-9EE4-2B7C2F15918D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F4924C59-D815-42F1-A1C9-E2AF09E3C41B}" = rport=137 | protocol=17 | dir=out | app=system |
"{F81A0587-3CD1-4ACB-A452-748F3B7AF97E}" = lport=3389 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019C38AA-BC2A-40A1-B756-4DDB7B9E309A}" = protocol=6 | dir=in | app=f:\my program files\avgemca.exe |
"{0A4EBEE8-B463-4C2D-BAB0-D78C206534C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BF45F35-3F7C-4F0C-8C5B-DF69D709BEE2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{15A81889-B5E2-47DA-B014-AFAD5B7B3928}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15B3C8EB-A517-46E6-A1A7-564C44877E24}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{17BA2CC2-296D-4C84-A5BB-C762F8073B7A}" = protocol=6 | dir=in | app=g:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1D4A4B36-D3D8-4EBA-9A46-8355AEBB2881}" = protocol=6 | dir=in | app=g:\program files (x86)\avg\avg2013\avgemca.exe |
"{1D91346A-B5B3-4012-BA0C-12AD5CE41CAC}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{2043EC90-6F20-45F9-992E-05E4F24DB2EB}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{23F0A7CA-1DFF-4DEA-96DB-F30D71291D05}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{258EFE1F-10CA-45FB-A190-4E93C18C3007}" = protocol=6 | dir=in | app=g:\program files (x86)\jump desktop\jumpwinclient.exe |
"{27A0F42D-991E-447E-9479-4CF557FC1E69}" = protocol=6 | dir=out | app=system |
"{281F123F-6099-430C-B0DB-CE9405FE74FF}" = dir=in | app=g:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{28886C34-B4A3-4938-AD4E-D27FCEF86572}" = protocol=6 | dir=in | app=g:\program files (x86)\jump desktop\jumpdesktop.exe |
"{2A4B80F0-EFCC-4FEA-B5BC-F3FF29445E35}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{2B3D0A8D-9123-4253-A490-C0568B5F9668}" = protocol=17 | dir=in | app=f:\my program files\avgemca.exe |
"{2C154974-0F85-4448-A4E6-157250B54F57}" = dir=in | app=g:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3275F475-338B-4862-9331-FA2F9C99A3C2}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{33DCFFB0-F63A-4B6A-BCA5-0E533FF5EFF7}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3CAC8BC4-4705-48F6-923A-26F2101FA8FE}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{3D604FEF-FB70-42FA-84D8-46074CE027C9}" = dir=in | app=g:\program files (x86)\itunes\itunes.exe |
"{43E75C9F-AAE1-493D-A6E6-90E35534E609}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44B9216E-3232-4517-BA28-F9C55A4E49CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4866EDA9-2132-4B81-9E18-EFA42705FE31}" = protocol=6 | dir=in | app=g:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{54FCEC08-26B2-429F-8C31-133431F29794}" = protocol=17 | dir=in | app=f:\my program files\avgnsa.exe |
"{5AE64D63-CE0B-4284-92E6-A29627303C2B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C0A9882-82D6-46E2-8185-6BF7452FDD36}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{63CBF493-5698-4626-BC20-AC5578827641}" = dir=in | app=g:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{66E1984A-7CE5-4CBF-8371-B82B9A772835}" = protocol=6 | dir=in | app=f:\my program files\avgnsa.exe |
"{677ADEC8-CA81-40EB-A078-521835E09538}" = protocol=6 | dir=in | app=g:\program files (x86)\jump desktop\jumpservice.exe |
"{6A2B6C8B-AB3E-4968-B9E2-2F1DF06DCDE9}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{6B6F3341-3D34-4659-ABB1-D64E0A14D05B}" = protocol=47 | dir=in | app=system |
"{6E92946E-2DA2-451D-8555-AB1412E4E09B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F2AEA64-089E-4468-99E2-4CFCE269EDAF}" = protocol=17 | dir=in | app=f:\my program files\avgmfapx.exe |
"{74400EBC-235E-4A8A-995C-B6357E9BCC44}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{74BB0569-1641-40DA-A080-2044EAA3CB93}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7C304706-9769-4DB3-9FFD-6655DE1429DE}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe |
"{7F24B431-D7D6-405D-BD00-E6B0E795A70E}" = protocol=6 | dir=in | app=g:\program files\bonjour\mdnsresponder.exe |
"{7FAEA3DE-4C01-4073-B134-6F68A46F852C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81C9A7DD-DB58-4D40-A0D6-2A38A75F9914}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam.exe |
"{824AF8A2-10C9-4063-8EC4-A97C699C3A13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8494F143-DD60-4C81-A396-84B3FCA08936}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam.exe |
"{863AC0D1-4DFE-4030-9FA9-5841C7A2B633}" = protocol=17 | dir=in | app=g:\program files (x86)\jump desktop\jumpservice.exe |
"{86F80433-AB42-4610-AC11-844D26BA7A6F}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{874BC6A0-62D9-4603-9FE3-4F5632C00105}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{895FEB3E-D143-410E-A29A-9D75C5C9A832}" = protocol=17 | dir=in | app=f:\my program files\avgdiagex.exe |
"{8C46C2BA-9C88-4F30-B016-3032F47B63AB}" = protocol=17 | dir=in | app=g:\program files (x86)\jump desktop\jumpdesktop.exe |
"{8D05F59F-4114-4B51-9E0E-96C2BFC049CD}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{932A4CD8-FB92-439B-B194-E202B35CC131}" = protocol=6 | dir=in | app=g:\program files (x86)\avg\avg2013\avgnsa.exe |
"{93DAECE1-FD6B-44F7-BB92-B6F8D4872AD1}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe |
"{9B77ED12-97E0-46CA-8FB2-B2D647380DBE}" = protocol=17 | dir=in | app=f:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{A8C974AF-86CE-421B-A14A-4322B95AD8EE}" = protocol=6 | dir=in | app=f:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{AF8652CF-7C86-46FC-B7B9-F8CDA0EFD023}" = protocol=6 | dir=in | app=f:\my program files\avgmfapx.exe |
"{B21ECE36-EE40-4850-AA36-888D9946E349}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2287DFA-3C08-42FA-970B-8BD457B9014A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3FFC402-DC42-4AA4-9C33-C2C283F4FD79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8FC8B88-91F5-48FE-94D6-F7D3C170C897}" = protocol=17 | dir=in | app=f:\my program files\avgmfapx.exe |
"{B9784C8D-9E79-41B2-9362-4D6722B49398}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BB9ED98F-2C98-4814-B3C2-57782883A4F9}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{BDD88D6F-8E02-4835-A2E5-4AEBD51602CB}" = protocol=17 | dir=in | app=g:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C1093082-5125-48EB-A488-472489E13654}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |
"{C5649E3D-7F2E-4FA2-920E-B7830A912C11}" = dir=in | app=g:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C5733D02-3046-467E-8821-8AEEBD0EB6F7}" = protocol=6 | dir=in | app=g:\users\richard\appdata\roaming\dropbox\bin\dropbox.exe |
"{C9EF3958-B405-472E-B796-3537B1D9DF62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CBF2C7FA-7FF9-4197-8C6A-BC1DDEB25D2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE44FC61-8875-4F15-866B-AF96F8A20CF7}" = protocol=6 | dir=in | app=f:\my program files\avgmfapx.exe |
"{D1C3DCFE-F9BA-439C-8112-C3B6A84D4E01}" = protocol=47 | dir=out | app=system |
"{D2870B90-7D84-49FA-87D3-707C17F17DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB3D5C9D-32CD-4566-9069-AC3FFA2B6B61}" = protocol=6 | dir=in | app=g:\program files (x86)\bonjour\mdnsresponder.exe |
"{E16280DB-922A-4A52-9709-480A62C6CD84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E165CF22-B4B0-4A84-848D-373E1CD516C1}" = protocol=17 | dir=in | app=g:\program files (x86)\jump desktop\jumpwinclient.exe |
"{E2E5B2AC-1A74-4FD6-AB72-E40C44F59649}" = protocol=17 | dir=in | app=g:\users\richard\appdata\roaming\dropbox\bin\dropbox.exe |
"{E4ECCA89-6785-41A4-987C-911AF3646749}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E630ACD5-5E43-4BB5-AB9B-B7F3F62F6A1A}" = protocol=17 | dir=in | app=g:\program files (x86)\avg\avg2013\avgemca.exe |
"{E75035E3-7C72-4DC0-B020-B361D450331E}" = protocol=17 | dir=in | app=g:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E8538F5F-616B-4B22-883F-13884AAF3826}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E87BCE00-09AC-41FF-BABB-4363AC4551A2}" = protocol=17 | dir=in | app=g:\program files\bonjour\mdnsresponder.exe |
"{EA4E5F08-1495-4132-8532-898C1C6B2855}" = protocol=17 | dir=in | app=g:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F93474BB-2E17-4177-9FD4-8BC25B442056}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{FB236919-502E-4DD3-AF60-EC201B52393D}" = protocol=6 | dir=in | app=f:\my program files\avgdiagex.exe |
"{FD6654E6-E9F8-4215-B36C-F349661203BB}" = protocol=17 | dir=in | app=g:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD88A243-F0BC-4E37-89AD-D99D23D02790}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"TCP Query User{24C47843-C26E-4183-85DB-BE38109EE61E}G:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=g:\program files (x86)\relevantknowledge\rlvknlg.exe |
"TCP Query User{BDF2E20E-43E9-497F-8408-6F3F4E09496C}G:\users\richard\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=g:\users\richard\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C2187F1B-61FE-43EF-A5C0-5406B463B478}G:\users\richard\downloads\utorrent.exe" = protocol=6 | dir=in | app=g:\users\richard\downloads\utorrent.exe |
"TCP Query User{CD632A01-17FC-4702-8BB6-1828BEAF4673}G:\program files (x86)\steam\steamapps\richerson123\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steamapps\richerson123\team fortress 2\hl2.exe |
"TCP Query User{F367A18D-FC65-4E1D-9BFC-802A54781251}G:\users\richard\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=g:\users\richard\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FE2892D6-891A-4860-9FAD-B7C2AFC20196}G:\users\richard\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=g:\users\richard\appdata\local\akamai\netsession_win.exe |
"UDP Query User{15D26CE5-CC65-40FF-B963-C55C2DA9E143}G:\users\richard\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=g:\users\richard\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3D66C25F-DDF1-4D3F-BED2-1E49F0CF4DED}G:\program files (x86)\steam\steamapps\richerson123\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steamapps\richerson123\team fortress 2\hl2.exe |
"UDP Query User{4ED8AFB1-5BDC-4BEC-AEA7-920DBB5A32E1}G:\users\richard\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=g:\users\richard\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A9642959-D4EA-4F55-AB5E-A56C90DE3888}G:\program files (x86)\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=g:\program files (x86)\relevantknowledge\rlvknlg.exe |
"UDP Query User{C068D53E-34D1-4D49-84DE-0028251163FB}G:\users\richard\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=g:\users\richard\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DB1AD4CB-465F-437B-A762-964966A8BC30}G:\users\richard\downloads\utorrent.exe" = protocol=17 | dir=in | app=g:\users\richard\downloads\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}" = SpyHunter
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2013
"DWG TrueView 2012" = DWG TrueView 2012
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17B17327-36D2-4549-B854-1A0C5920BE43}" = BlackBerry Desktop Software 7.0
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{547C9628-C490-48AB-94F4-7F2495562930}" = PDF to DWG Converter
"{5D434AC5-4DB8-4996-95A3-E34FD26D46B8}" = PDF to DWG Converter
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EE1AAAD8-7F7A-4DBB-9221-DDDFDBAC1545}" = Jump Desktop
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.6
"HP Photo Creations" = HP Photo Creations
"Matroska Pack" = Matroska Pack
"MKV Player_is1" = MKV Player 2.0.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Rockstar Games Social Club" = Rockstar Games Social Club
"SLABCOMM&10C4&EA60" = Junsi USB to UART Bridge(Windows XP/2003/Vista/7) (Driver Removal)
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 208500" = F1 2012
"Steam App 440" = Team Fortress 2
"Steam App 55230" = Saints Row: The Third
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 2.0.3
"WinArchiver Virtual Drive" = WinArchiver Virtual Drive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2379537864-1206443918-4236817830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2013 7:13:14 AM | Computer Name = Richard-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 1/19/2013 7:14:27 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 7:53:35 AM | Computer Name = Richard-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 1/19/2013 7:55:04 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 8:30:35 AM | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 1/19/2013 8:57:35 AM | Computer Name = Richard-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 1/19/2013 8:58:56 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2013 9:41:31 AM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "g:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: G:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: G:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/19/2013 11:55:06 AM | Computer Name = Richard-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 1/19/2013 11:56:05 AM | Computer Name = Richard-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 1/19/2012 3:26:11 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 19:26:11 - Error connecting to the internet. 19:26:11 - Unable
to contact server..

Error - 1/19/2012 3:26:45 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 19:26:41 - Error connecting to the internet. 19:26:41 - Unable
to contact server..

Error - 1/19/2012 4:27:15 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 20:27:15 - Error connecting to the internet. 20:27:15 - Unable
to contact server..

Error - 1/19/2012 4:27:45 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 20:27:44 - Error connecting to the internet. 20:27:44 - Unable
to contact server..

Error - 2/23/2012 3:00:35 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 19:00:35 - Error connecting to the internet. 19:00:35 - Unable
to contact server..

Error - 2/23/2012 3:00:57 PM | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = 19:00:52 - Error connecting to the internet. 19:00:52 - Unable
to contact server..

[ System Events ]
Error - 1/19/2013 8:23:27 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/19/2013 8:57:22 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/19/2013 8:57:24 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/19/2013 8:57:41 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 1/19/2013 8:57:41 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/19/2013 10:49:14 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/19/2013 11:54:28 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/19/2013 11:54:30 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/19/2013 11:55:09 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 1/19/2013 11:55:09 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 

Fiery

Level 1
Jan 11, 2011
2,007
So your pdf, jpeg and txt files are encrypted and can't be opened? Can you open newly downloaded or created pdf/jpeg/txt files?
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, this may or may not end the way we wish. Since the malware may use random keys to encrypt your files, we may or may not be able to get your files back since the only way is to use the right key. You can only try:

http://www.pandasecurity.com/homeusers/support/card?id=1675&IdIdioma=1
http://www.sophos.com/en-us/support/knowledgebase/117669.aspx

What was the ransom virus name that you saw?


For future reference, remember to backup your files and install sufficient protection on your PC.

I don't think system restore will help since your personal files are encrypted. There may be nothing we could do to save your files, unfortunately.
 

richy

New Member
Thread author
Verified
Jan 19, 2013
23
Hi Fiery

No joy with either program; the file sizes of the encrypted files are slightly different to the originals. The virus name was "Win32Filecoder.AO.Gen".

Thanks for trying to help. I need to back everything up regularly in the future. What do most people use? An external hard drive?
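An added triage script, not part of the original thread, for the two observations above (newly created files open fine, the encrypted ones are a slightly different size): it checks whether each file still starts with the magic bytes its extension promises and measures byte entropy, since ciphertext looks close to uniformly random while a real PDF or JPEG does not. The sample data, the throw-away SHA-256 keystream used to fake an encrypted copy and the 16-byte trailer are constructed for the demo and say nothing about the scheme this ransomware actually used.

```python
# Added triage example (not from the original thread): decide whether files that
# "won't open" are actually encrypted rather than merely corrupt or mis-named.
# Two cheap signals: (1) the first bytes no longer match the format's magic
# number, and (2) byte entropy is close to 8 bits/byte, as ciphertext is.
import hashlib
import math
from collections import Counter
from typing import Dict, List, Optional

# Magic bytes for the formats mentioned in the thread (plus PNG for good measure).
MAGIC = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def header_matches(name: str, data: bytes) -> bool:
    """True if the file starts with the magic bytes its extension promises."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    magic = MAGIC.get(ext)
    return magic is not None and data.startswith(magic)


def triage(name: str, data: bytes, original_size: Optional[int] = None) -> Dict:
    """Summarise the evidence for one file; 7.5 bits/byte is an assumed cut-off."""
    ent = shannon_entropy(data)
    if header_matches(name, data):
        verdict = "header ok"
    elif ent > 7.5:
        verdict = "likely encrypted"
    else:
        verdict = "header wrong, low entropy"
    return {
        "file": name,
        "size": len(data),
        "size_delta": None if original_size is None else len(data) - original_size,
        "entropy": round(ent, 2),
        "verdict": verdict,
    }


def _keystream(key: bytes, length: int) -> bytes:
    """Deterministic pseudo-random bytes; a constructed stand-in for the demo only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _fake_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream and append a 16-byte trailer, constructed only to
    produce ciphertext-looking bytes whose size differs slightly from the original."""
    ks = _keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks)) + b"\x00" * 16


# Constructed samples: a minimal PDF-like blob and its fake-encrypted copy.
SAMPLE_PDF = b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 100
SAMPLE_ENC = _fake_encrypt(SAMPLE_PDF, b"demo-key")


def demo() -> List[Dict]:
    """Triage the intact sample and the encrypted one, noting the size change."""
    return [
        triage("invoice.pdf", SAMPLE_PDF),
        triage("invoice.pdf", SAMPLE_ENC, original_size=len(SAMPLE_PDF)),
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Run it against real files by reading them with `open(path, "rb").read()` and passing the original size from a backup or an earlier directory listing when you have one; a folder where every document reports "likely encrypted" with a constant positive size delta is the pattern to look for.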
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Give these tools a try:

ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe
http://support.kaspersky.com/downloads/utils/xoristdecryptor.exe
http://support.kaspersky.com/downloads/utils/rectordecryptor.exe

An external hard drive or USB drive is the best choice.
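As an added example that is not from the original posts, here is one way to make the external-drive backup recommended above verifiable: record a SHA-256 digest and size for every file in a snapshot, then compare the next snapshot against it. A large share of files changing in one interval is what encryption by ransomware looks like, so the check can refuse to let such a snapshot overwrite the last good one. The file contents below are constructed (the paths reuse names from this thread), and the 50% threshold is an assumption.

```python
# Added example (not from the original thread): a hash manifest for verifying an
# offline backup and spotting files whose contents changed since the last
# snapshot. Files are modelled as a dict of path -> bytes so the demo runs
# without a disk; build_manifest_from_dir() does the same over a real directory.
import hashlib
from pathlib import Path
from typing import Dict, List, Tuple

Manifest = Dict[str, Tuple[str, int]]  # path -> (sha256 hex, size in bytes)


def file_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Manifest:
    """Digest and size for every file in an in-memory snapshot."""
    return {p: (file_digest(d), len(d)) for p, d in files.items()}


def build_manifest_from_dir(root: Path) -> Manifest:
    """Same, over a real directory tree (e.g. the external backup drive)."""
    out: Manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            out[str(path.relative_to(root))] = (file_digest(data), len(data))
    return out


def compare(old: Manifest, new: Manifest) -> Dict[str, List[str]]:
    """Classify each path as unchanged / modified / added / removed."""
    report: Dict[str, List[str]] = {"unchanged": [], "modified": [], "added": [], "removed": []}
    for p in sorted(set(old) | set(new)):
        if p not in new:
            report["removed"].append(p)
        elif p not in old:
            report["added"].append(p)
        elif old[p] == new[p]:
            report["unchanged"].append(p)
        else:
            report["modified"].append(p)
    return report


def looks_like_mass_encryption(report: Dict[str, List[str]], total: int,
                               threshold: float = 0.5) -> bool:
    """Heuristic (assumed threshold): if at least this share of known files was
    modified since the last snapshot, do not let it replace the previous good copy."""
    return total > 0 and len(report["modified"]) / total >= threshold


# Constructed snapshots: the same four files before and after an incident.
BEFORE = {
    "Desktop/113 whatford timber 4.7.12.pdf": b"%PDF-1.4 timber invoice",
    "Desktop/113 metals 4 u 17.7.12.pdf": b"%PDF-1.4 metals invoice",
    "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 jpeg data",
    "notes.txt": b"plain notes",
}
AFTER = {
    "Desktop/113 whatford timber 4.7.12.pdf": b"\x9a\x11garbled" + b"\x00" * 16,
    "Desktop/113 metals 4 u 17.7.12.pdf": b"\x7f\x23garbled" + b"\x00" * 16,
    "Pictures/holiday.jpg": b"\x01\x02garbled" + b"\x00" * 16,
    "notes.txt": b"plain notes",
}


def demo() -> Tuple[Dict[str, List[str]], bool]:
    """Compare the two constructed snapshots and apply the heuristic."""
    report = compare(build_manifest(BEFORE), build_manifest(AFTER))
    return report, looks_like_mass_encryption(report, len(BEFORE))


if __name__ == "__main__":
    report, flagged = demo()
    print(report)
    print("refuse to overwrite previous backup:", flagged)
```

Keep the manifest on the backup drive next to the data and keep the drive unplugged between runs; a backup that is permanently connected and mirrored is reachable by the same malware that encrypted the originals.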
 

Fiery

Level 1
Jan 11, 2011
2,007
Win32Filecoder.AO.Gen is a very generic name used by the antivirus, so I can't tell what specific infection you got. You mentioned that it was police ransomware; was it Department of Justice, FBI or Yorkshire Police? It will help me research your infection if you can give me a name.
 

Fiery

Level 1
Jan 11, 2011
2,007
Are these some of the files that are encrypted?

G:\Users\Richard\Desktop\113 whatford timber 4.7.12.pdf
G:\Users\Richard\Desktop\076 irion mongery direct 20.8.12.pdf
G:\Users\Richard\Desktop\113 metals 4 u 17.7.12.pdf
G:\Users\Richard\Desktop\113 rowse electrical 16.07.12.pdf
 

Fiery

Level 1
Jan 11, 2011
2,007
Unfortunately, I don't think there is a decryptor at the moment that can retrieve those files. You can google some more possible decryptors (though I think we have tried most of them). I regret to say that there's nothing I can do to help you any further at this point but to give you some suggestions on preventing future infections.

Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regularly to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser, but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.