92 replies to this topic

[OCD]

Hi fellfromgrace,

 

  let me know the results.

 

 

[fellfromgrace]

Hi OCD,

seems to be running as well as can be expected. Word is still doing it's funny thing at the start when I open a saved document but that's livable with. What's next? :-)

[OCD]

Hi fellfromgrace,

Your log appears to be clean.

We have a few items to take care of before we get to the All Clean Speech.

=========================

Clean up with OTL:

• Right-click OTL.exe select "Run as Administrator" to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

=========================

Removing/Uninstalling AdwCleaner:

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• Click on the Uninstall button.
• Click Yes when asked are you sure you want to uninstall.
• Both AdwCleaner.exe, its folder and all logs will be removed.

=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Impliment what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

• NoScript
• AdBlockPlus

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

• Avast Free Antivirus
• Avira Free Antivirus 2013
• PC Tools AntiVirus Free
• Ad-Aware Free Antivirus +

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

• Online Armor Free
• Agnitum Outpost Firewall Free
• Comodo Firewall

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

[fellfromgrace]

Hu OCD, I could not find OTL on the desktop (!?) so had to download it again after disabling my isp's protection in order to get on the site ... when I ran Fix it said 'No fix provided, click OK to load it from a file or Cancel to Cancel' This is odd as I ran it before and it was all OK ...

 

so I ran a scan - and tried again with the same result. Here's what the scan said:

 

OTL Extras logfile created on: 17/11/2013 12:50:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.34% Memory free
7.99 Gb Paging File | 5.12 Gb Available in Paging File | 64.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 270.24 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 333.37 Gb Free Space | 71.58% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB98A1-7AF9-46DA-870E-B3E179CE55A5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0A37EBFD-4C01-4323-BBD7-D212EB87C91B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D23B282-2882-4D6B-B34C-C809FBDB29EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E8B587E-8654-49E1-ADD9-5A6126327F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109092A7-9655-42A4-BE06-1E4293F9D2BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175CC621-2FC3-4E9A-8A3B-8688346CBA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB91F7A-C8C3-4F1B-90E2-0DF59D760C39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2456651F-140F-41DB-AE77-FD4C437211B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285DA852-E50B-4CD6-A2AF-A67C16058365}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F22710D-5CDC-42CB-8492-66DE3A6C1D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{327F1DA6-D344-4488-B593-D5455C2CC737}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36B71C93-50A9-4F48-BF8E-7569CFD30A5C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40D98898-C72B-48A9-9001-AA1EA67D641E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B75E5BC-8C35-4758-A8B9-670E1F4D590B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CD889C3-ADC0-4253-A003-13D5A86433E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E491A19-0544-4E98-8CCB-FEDFDAC391BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F3FDE23-CB59-40E2-99DC-248E18C6AD35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F63FA6D-D92E-43F1-9736-08F1DA4C0ED6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{990019A1-389A-4131-8ED1-75C68E987E3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{999B8C11-E1E9-48B0-B131-51BF04F48763}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAA4096A-8218-492F-867B-6DBBFF09D244}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFDF5C9D-EF74-429B-9DDA-9E4A52576469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D7A118-7027-45E5-82C6-7DDA4005F457}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8ACFC35-CE78-4145-97F9-3CBB5905ACA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C242A725-DF66-4D6B-A25D-B69DFEC85D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5299320-4AFA-44FD-A254-D0ACE41376CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00F6322-F81F-48FE-A42C-689480474DF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C093C-775D-44FB-AA6D-5FAA2E4AB678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADE18E9-DEFD-4BE3-AFCF-7D5B3440B6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD1C5633-85CA-4F5D-9761-7C44D8785AB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC3E75AD-21E1-4969-9906-E6FFDDE263DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E663DF1-5CC7-49F9-B4F2-DE4EC2CDF538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F9493B2-954A-45C2-A962-D64D963598B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FE74F0C-38DE-4447-9C5F-A7F1C895A49C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17355C71-1C6A-4F7A-8DCB-76D5074EC64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19B926AF-F118-4E2D-A0D5-C54FC4933C29}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{24F886AC-2564-49A6-89B6-1C9DA4C959E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{3439C0E9-1858-4AFC-B720-4D3F0F01045D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CDDABE-97DD-4AD8-821E-EEEB6CEF9103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FBBCB08-A755-4D39-A53F-895873691A91}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{4316C09F-0F43-489A-B7F3-8E3B9B5A77CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{439578B7-4ED0-4CF8-8AB8-880B24B1A4F0}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{4C0574E3-F9E2-453F-977D-3571B658121D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF09CFE-451B-44A1-94E3-5D177B5026A7}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{5AE9766C-EC17-454E-8FAA-3F3A5806AE5F}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FAC652-19ED-4637-86F6-E87D29048500}" = protocol=6 | dir=out | app=system |
"{65189FD5-E420-4929-89DC-C2432B37F088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D211A-36E4-456B-9DE6-B38E6BF5B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6756D2C8-D447-4C27-992D-1671AB2C3B21}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69C7DF42-A0B7-4CBF-BFD9-C5402896D6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E739B8C-F5DE-44CC-8156-3C2DC7FBF9E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{727199DC-71F7-4C6F-9C5A-F2D8EBFFBFC0}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{7928CA9C-B0CE-4A93-92AC-D6D67FF39CD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AC87AB6-F04D-4E76-A450-665B8B5DDD80}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{7D537CD3-E95A-48C2-92C2-0362143919F4}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{9C1B4A8A-2198-4CB1-8A6A-233778D9C76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D0DBED-F7DE-49E0-98DB-F40E792C4A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD7E18DA-5144-4307-BA47-6F910D52F525}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1F3226-FB2F-458F-863C-92CE34467DBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5AE95C-5779-49FC-A95F-A19EB426F5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C38F1B2D-5541-4443-B546-983E13B9D4FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4F6DDF6-0527-4A4C-86DB-FD1661B27A3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C97E426B-9C46-428A-BA44-247A11D73F7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB269071-FD26-4B3D-A1F0-ED82D4F8FF34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE7E3F2C-374E-434B-8097-6F85E818F921}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{D8442974-63BC-40C7-9F42-2A2EB91307D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1E12D1-625A-434C-8AF2-ADBACA066882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA239201-9796-4433-8FAD-6D2F7FBC6256}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{EEE8BE16-4EBD-4E1F-BC9F-8CDFD7739918}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF398F74-BF9D-4889-A8D1-65612570EE45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F512C44E-C797-4A64-852D-559A86C114ED}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{FECBDD97-A918-4925-8F49-4671A74E4771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"GIMP-2_is1" = GIMP 2.6.12
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1439B98F-681E-4D51-BB90-D04474E4C6EA}" = Serif Digital Scrapbook Artist 2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3AD783E5-1DC6-4FDF-B913-C371657B7A6B}" = Acer Arcade Instant On
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC9C9AB-28DA-411D-8EFE-E31AFAFA038A}" = Karen Gover, Turkish Delight Digikit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.6.3 Free
"{5F9DDC8F-5D4D-4D63-BDB5-8DB3EE1432E4}" = Serif PagePlus Essentials Bonus Content Pack
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CA71FE-85AB-49AE-8668-26951FBD95DC}" = Kaleidoscope Kreator 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.6.3 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D336C6B-1C91-4AD4-B168-F1E1AC08D737}" = PDFtypewriter with PDF Printer Driver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB13038-240D-427E-B27E-1796E5C0FA1A}" = DaisyTrail Vintage Sideshow Digikit
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F42516-EC12-4ECF-A3C3-5A79CD3CB5F5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F5FD8-3C24-4594-9730-3F89C04A45AA}" = eCraftShop Pro
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}" = Samsung SCX-4100 Series (TWAIN)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"DAZ 3D Install Manager 1 1.0.1.90" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"Dazzling Reflections PE (Trial Version)_is1" = Dazzling Reflections PE v2.1
"DirPrintOK" = DirPrintOK
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 2.009
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Filter Forge Freepack 4 - Distortions_is1" = Filter Forge Freepack 4 - Distortions 1.015
"Filter Forge Freepack 5 - Hearts_is1" = Filter Forge Freepack 5 - Hearts 2.009
"Filter Forge Freepack 6 - Patterns_is1" = Filter Forge Freepack 6 - Patterns 2.009
"FrameFun_is1" = FrameFun 2.0.0.7
"FrameMaster" = FrameMaster 2.14
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridMagic_is1" = GridMagic 3.3.0.201
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"IE Kaleidoscope" = IE Kaleidoscope
"Inkscape" = Inkscape 0.48.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Kaleider_is1" = Kaleider 4.8.1
"LManager" = Launch Manager
"Make The Cut!" = Make The Cut!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-GB)" = Mozilla Firefox 25.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Plugin Commander Light 1.61_is1" = Plugin Commander Light 1.61
"Poser Debut_is1" = Poser Debut
"Rapport_msi" = Rapport
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XnView_is1" = XnView 1.96.1
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon.net Sandbox Manager 3.33" = Spoon.net Sandbox Manager 3.33
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/11/2013 07:20:56 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53269443
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53270707
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53270707
 
Error - 17/11/2013 07:20:59 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:21:02 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53271924
 
Error - 17/11/2013 07:21:04 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53271924
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53278710
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53278710
 
[ System Events ]
Error - 15/11/2013 14:35:46 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Live ID Sign-in Assistant service to connect.
 
Error - 15/11/2013 14:35:46 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error:   %%1053
 
Error - 15/11/2013 14:37:08 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   CFRMD  UimBus  Uim_IM  Uim_VIM
 
Error - 15/11/2013 14:41:28 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error - 15/11/2013 16:42:51 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 15/11/2013 16:43:12 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 15/11/2013 16:53:12 | Computer Name = Lorna-PC | Source = DCOM | ID = 10000
Description =
 
Error - 16/11/2013 13:07:02 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 17/11/2013 07:20:42 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 17/11/2013 07:21:08 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >
 

[OCD]

Hi fellfromgrace,

You were supposed to click the Clean-up button in OTL to remove it from your computer.

 

Let me know if you have any other questions.

[fellfromgrace]

oh dear! well, everythung done and read now thank you. Still getting the occasional fading and 'not responding' from Firefox and Word, but the firefox stuff could be my internet connection. Now this is running better I will get around to upgrading it and perhaps that will also help

 

then I have to try the other laptop ...

Edited by fellfromgrace, 19 November 2013 - 05:11 AM.

[OCD]

Hi fellfromgrace,
 

then I have to try the other laptop ...

Just go ahead and post the following logs for the laptop here.

=========================

Security Check

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

• • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When asked if you want to download Avast's virus definitions please select Yes.
• Click Scan
• Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
• You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL to your desktop.

• Make sure all other windows are closed and to let it run uninterrupted.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Custom Scan paste this in
  
  %USERPROFILE%\..|smtmp;true;true;true /FP
  %temp%\smtmp\*.* /s >
  /md5start
  iexplore.*
  explorer.*
  winlogon.*
  dll
  zx.dll
  hlp.dat
  consrv.dll
  services.*
  /md5stop
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\Fonts\*.exe
  %systemroot%\system32\spool\prtprocs\w32x86\*.*
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.jpg
  %systemroot%\*.png
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %ALLUSERSPROFILE%\Favorites\*.*
  %APPDATA%\Microsoft\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\Update\*.*
  %systemroot%\*. /mp /s
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
  %systemroot%\System32\config\*.sav
  %PROGRAMFILES%\bak. /s
  %systemroot%\system32\bak. /s
  %ALLUSERSPROFILE%\Start Menu\*.lnk /x
  %systemroot%\system32\config\systemprofile\*.dat /x
  %systemroot%\*.config
  %systemroot%\system32\*.db
  %PROGRAMFILES%\Internet Explorer\*.dat
  %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
  %USERPROFILE%\Desktop\*.exe
  %PROGRAMFILES%\Common Files\*.*
  %systemroot%\*.src
  %systemroot%\install\*.*
  %systemroot%\system32\DLL\*.*
  %systemroot%\system32\HelpFiles\*.*
  %systemroot%\system32\rundll\*.*
  %systemroot%\winn32\*.*
  %systemroot%\Java\*.*
  %systemroot%\system32\test\*.*
  %systemroot%\system32\Rundll32\*.*
  %systemroot%\AppPatch\Custom\*.*
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  BASESERVICES
  DRIVES
  CREATERESTOREPOINT
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

=========================

In your next post please provide the following:

• checkup.txt
• aswMBR.txt
• attach MBR.zip
• OTL.txt
• Extras.txt

[fellfromgrace]

I cannot attach the file because it times out before I get to load the page which allows me to make an attchment (this laptop is crawling, or it is the site, or my internet connection. I will try again later)

[fellfromgrace]

Oh it says I am not permitted to uploa this kind of file when I try to upload the MBR.dat!

[OCD]

Hello fellfromgrace,
 
Please re-read the directions for aswMBR.
 
"You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well."

 

Complete the remainder of the steps and post the corresponding logs. If you still cannot upload the MBR.zip file, skip it and post the logs needed for review.

[fellfromgrace]

 MBR.zip   580bytes   172 downloads

 

Oops, sorry, got frustrated with having to restart due to slowing down to zero, I guess (that's my excuse anyway) :-)

so here it is

[OCD]

Hi fellfromgrace,

 

I need to see all the logs requested when they are available.

[fellfromgrace]

That's weird as I posted them up alkready but now I see they are not there any more! I will switch pc's and get onto it now, Also I note that when it starts IU get this message from Igfxtray.exe: The procedure entrty piunt LoadSTRINGW coykd not be located in the dynamic link library hccutuils,DLL. Will get the logs now

[fellfromgrace]

OK it is not posting the entry ith all logs on. I will post them up separately Checkup:

 Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Avira Desktop   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 11.9.900.117  

 Adobe Reader XI  

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

[fellfromgrace]

as

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-11-19 21:23:21

-----------------------------

21:23:21.613    OS Version: Windows x64 6.1.7601 Service Pack 1

21:23:21.613    Number of processors: 8 586 0x2A07

21:23:21.614    ComputerName: LORNASAMSUNG-PC  UserName: Lorna Samsung

21:23:22.525    Initialize success

21:27:54.632    AVAST engine defs: 13111900

21:31:14.585    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:31:14.587    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3

21:31:14.589    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

21:31:14.592    Disk 1 Vendor: SanDisk_ SSD_ Size: 7641MB BusType: 3

21:31:14.799    Disk 0 MBR read successfully

21:31:14.802    Disk 0 MBR scan

21:31:14.816    Disk 0 Windows 7 default MBR code

21:31:14.829    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

21:31:14.840    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       371712 MB offset 206848

21:31:14.846    Disk 0 Partition - 00     0F Extended LBA            557368 MB offset 761473024

21:31:14.875    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        24688 MB offset 1902962688

21:31:14.955    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       557367 MB offset 761475072

21:31:15.164    Disk 0 scanning C:\Windows\system32\drivers

21:31:28.191    Service scanning

21:31:42.519    Modules scanning

21:31:42.525    Disk 0 trace - called modules:

21:31:42.562    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

21:31:42.567    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a6af790]

21:31:42.572    3 CLASSPNP.SYS[fffff88001b2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e7b050]

21:31:43.570    AVAST engine scan C:\Windows

21:31:45.947    AVAST engine scan C:\Windows\system32

21:35:45.638    AVAST engine scan C:\Windows\system32\drivers

21:36:08.986    AVAST engine scan C:\Users\Lorna Samsung

21:49:36.939    AVAST engine scan C:\ProgramData

21:53:34.452    Scan finished successfully

21:55:00.814    Disk 0 MBR has been saved successfully to "C:\Users\Lorna Samsung\Desktop\MBR.dat"

21:55:00.823    The log file has been saved successfully to "C:\Users\Lorna Samsung\Desktop\aswMBR.txt"

 

 

wMBR.txt