Smitfraud -C Generic



#1
Seran

Ok. I've tried many different things to try and get rid of this [bleep]. I'm all washed up now and I want some professional help. Please, help me get rid of this guy! Here is my OTL and it also came with something called "Extras.txt" which I don't know what that is, but here it is anyways....

OTL.TXT

OTL logfile created on: 1/26/2012 03:39:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.47% Memory free
8.16 Gb Paging File | 7.33 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 54.35 Gb Free Space | 23.34% Space Free | Partition Type: NTFS
Drive F: | 221.45 Gb Total Space | 25.17 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 251.47 Gb Free Space | 84.36% Space Free | Partition Type: NTFS

Computer Name: AWESOME | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/26 03:38:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/10/09 15:56:13 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 13:55:46 | 000,076,800 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\components\RadioWMPCoreGecko9.dll
MOD - [2011/12/31 22:58:03 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 22:47:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/20 21:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/05/02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 22:39:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/05/25 00:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/11 04:10:34 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/04/05 13:55:01 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/24 17:23:04 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/06/22 20:47:58 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 01:54:56 | 001,486,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009/06/02 18:11:05 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/01 12:43:00 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/05 14:14:40 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2009/01/13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/04 12:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/02/29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/29 02:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008/02/18 08:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008/02/18 08:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/09/28 23:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007/06/25 04:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2011/03/13 20:37:55 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/04/01 00:35:46 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/03/28 17:52:23 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/09/07 13:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://radiobar.tool...spx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Martin\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2010/09/07 14:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 22:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 17:34:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Martin\Program Files (x86)\DNA [2009/02/25 12:01:28 | 000,000,000 | ---D | M]

[2008/09/03 11:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2012/01/25 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions
[2012/01/09 02:32:35 | 000,000,000 | ---D | M] (HotSpot International Community Toolbar) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2012/01/05 00:13:49 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/27 17:07:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\AIM Search.xml
[2009/02/25 12:31:58 | 000,000,682 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\ask.xml
[2011/02/11 19:08:19 | 000,002,572 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\askcom.xml
[2010/03/02 02:20:25 | 000,001,589 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\web-search.xml
[2012/01/24 23:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 17:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\[email protected]
[2011/12/31 22:58:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AIM Search.xml
[2011/10/05 19:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/03 17:24:24 | 000,002,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/11/13 19:50:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Entanglement = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Poppit = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: 4chan Plus = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.3.2_0\

O1 HOSTS File: ([2012/01/25 05:51:26 | 000,441,049 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 15163 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA1127] command /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA1613] command /c del "C:\Windows\svchost.exe" File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC5062] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8678] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB2446] command /c del "C:\Windows\svchost.exe" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3808] command /c del "C:\Windows\svchost.exe_old" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD4742] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7653] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{570A8F11-512F-4F69-959F-B51B1B99A90B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45c19b7f-31a8-11e1-a3dc-001fd0230d1c}\Shell - "" = AutoRun
O33 - MountPoints2\{45c19b7f-31a8-11e1-a3dc-001fd0230d1c}\Shell\AutoRun\command - "" = I:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 03:37:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/01/25 05:59:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\omg
[2012/01/25 05:39:08 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/01/25 05:39:08 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/01/25 05:39:08 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012/01/25 05:39:08 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/01/25 05:39:08 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/01/25 05:39:08 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/01/25 05:39:08 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/01/25 05:39:08 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/01/25 05:39:08 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012/01/25 05:39:08 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/01/25 05:39:08 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012/01/25 05:28:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\SmitfraudFix
[2012/01/25 05:27:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/01/24 17:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/01/24 00:03:36 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/01/24 00:03:06 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/01/20 20:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(24)
[2012/01/16 09:18:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{147F3C47-C3C8-415A-9D09-AA87B05DB04B}
[2012/01/16 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C897CB32-FAA0-4B97-90F4-9C7B87C080BD}
[2012/01/11 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SanctionedMedia
[2012/01/06 04:22:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2012/01/06 04:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/06 04:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PCPro
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2012/01/02 08:30:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2012/01/02 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/02 08:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/02 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{49399A44-1A4F-4089-86BB-40988C4B4805}
[2012/01/02 03:34:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{B2D07F23-E548-4645-9C27-F60D7FDB4A35}
[2011/12/31 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SWTOR
[2011/12/31 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\HeroBlade Logs
[2011/12/31 21:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/30 04:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/12/30 04:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/30 04:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/30 03:46:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\Adobe Photoshop CS5.1
[2011/12/30 03:45:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/30 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011/12/29 03:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
[2011/12/29 03:15:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Intelli-studio
[2011/12/29 03:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/26 03:38:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/01/26 03:34:38 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012/01/26 03:34:34 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/26 03:33:23 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 03:33:23 | 000,605,616 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 03:33:23 | 000,104,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 03:31:08 | 000,000,732 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/26 03:30:45 | 076,335,980 | ---- | M] () -- C:\Users\Martin\Desktop\2ey96l3h.exe.part
[2012/01/26 03:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Martin\Desktop\2ey96l3h.exe
[2012/01/26 03:28:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 03:26:44 | 000,000,527 | ---- | M] () -- C:\Windows\wininit.ini
[2012/01/26 03:01:10 | 402,326,754 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/25 06:05:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 06:05:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 06:04:43 | 000,000,691 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\GetValue.vbs
[2012/01/25 06:04:43 | 000,000,035 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SetValue.bat
[2012/01/25 06:04:42 | 000,001,976 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/01/25 06:01:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
[2012/01/25 05:58:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000UA.job
[2012/01/25 05:51:26 | 000,441,049 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/25 05:23:02 | 001,872,472 | ---- | M] () -- C:\Users\Martin\Desktop\SmitfraudFix.exe
[2012/01/24 18:10:11 | 000,008,431 | ---- | M] () -- C:\ProgramData\22cd857d
[2012/01/23 03:32:36 | 000,000,272 | ---- | M] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz
[2012/01/23 03:32:36 | 000,000,168 | ---- | M] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr
[2012/01/23 00:29:40 | 000,000,336 | ---- | M] () -- C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz
[2012/01/19 12:29:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/19 11:50:31 | 000,440,236 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120125-055126.backup
[2012/01/18 16:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000Core.job
[2012/01/12 09:48:53 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-115031.backup
[2012/01/09 01:58:02 | 000,001,999 | ---- | M] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/09 01:54:32 | 000,001,151 | ---- | M] () -- C:\Users\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/06 04:13:35 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/01/06 03:46:48 | 000,439,959 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120112-094853.backup
[2012/01/02 04:10:56 | 000,012,630 | -HS- | M] () -- C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2012/01/02 04:10:56 | 000,012,630 | -HS- | M] () -- C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2011/12/31 21:44:14 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/30 08:59:27 | 004,814,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 03:45:16 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/12/30 03:44:48 | 002,479,184 | ---- | M] () -- C:\Users\Martin\Desktop\AdobeDownloadAssistant.exe
[2011/12/29 02:22:52 | 001,033,030 | ---- | M] () -- C:\Users\Martin\Desktop\SAM_0023.JPG
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/26 03:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Martin\Desktop\2ey96l3h.exe
[2012/01/26 03:30:43 | 070,044,524 | ---- | C] () -- C:\Users\Martin\Desktop\2ey96l3h.exe.part
[2012/01/26 03:01:10 | 402,326,754 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/25 05:39:08 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/01/25 05:39:08 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/01/25 05:39:08 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/01/25 05:29:34 | 000,000,691 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\GetValue.vbs
[2012/01/25 05:29:34 | 000,000,035 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SetValue.bat
[2012/01/25 05:24:06 | 000,001,976 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/01/25 05:22:34 | 001,872,472 | ---- | C] () -- C:\Users\Martin\Desktop\SmitfraudFix.exe
[2012/01/24 23:12:48 | 000,000,527 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/24 17:59:31 | 000,008,431 | ---- | C] () -- C:\ProgramData\22cd857d
[2012/01/23 00:29:52 | 000,000,272 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz
[2012/01/23 00:29:52 | 000,000,168 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr
[2012/01/23 00:29:40 | 000,000,336 | ---- | C] () -- C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz
[2012/01/12 07:10:43 | 000,000,732 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/09 01:58:02 | 000,001,999 | ---- | C] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/06 04:13:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2011/12/31 21:44:14 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/30 04:08:38 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/12/30 04:05:09 | 000,000,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/12/30 04:04:24 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/12/30 04:02:41 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/12/30 04:02:31 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/12/30 04:01:39 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/12/30 03:45:16 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/12/30 03:45:16 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/12/30 03:44:44 | 002,479,184 | ---- | C] () -- C:\Users\Martin\Desktop\AdobeDownloadAssistant.exe
[2011/12/29 03:17:15 | 001,033,030 | ---- | C] () -- C:\Users\Martin\Desktop\SAM_0023.JPG
[2011/11/15 22:38:15 | 000,001,356 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 09:45:32 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/23 20:41:22 | 000,000,291 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/01/20 03:01:57 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\RAExpertHistory.xml
[2011/01/20 03:01:20 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\rahistory.xml
[2011/01/04 16:37:46 | 000,024,576 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 15:23:28 | 000,204,848 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2009/06/22 14:21:44 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 19:25:39 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/08 18:51:10 | 000,000,760 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\setup_ldm.iss
[2009/05/26 12:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/26 12:18:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/26 12:18:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/30 22:10:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/09 09:23:57 | 000,084,362 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/03/29 12:36:14 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/03/01 23:54:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2009/03/01 23:54:34 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008/09/29 18:41:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/25 15:52:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2008/09/05 19:29:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/09/05 19:29:26 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/09/05 19:29:14 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2008/09/03 08:58:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/02 21:05:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/09/23 06:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2003/08/10 08:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2003/08/08 18:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll

========== LOP Check ==========

[2009/02/10 04:23:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\acccore
[2009/12/08 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2008/09/27 12:41:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock
[2010/09/28 05:54:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock2
[2009/05/17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Braid
[2012/01/06 04:14:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2011/12/30 03:45:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/10/31 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/05 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009/02/26 02:01:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DNA
[2012/01/02 08:30:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2011/02/15 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FKRMonitor
[2009/02/18 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Games
[2012/01/12 06:36:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GlarySoft
[2010/12/07 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2008/09/03 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010/06/16 01:33:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2011/02/28 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2010/08/31 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ManyCam
[2009/01/10 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2009/04/07 02:06:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010/08/28 01:15:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Pamela
[2012/01/02 08:59:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 09:05:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PCPro
[2012/01/02 08:30:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/24 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SystemRequirementsLab
[2008/09/06 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\The Longest Journey
[2010/01/13 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 3 Demo
[2010/03/09 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2011/04/18 04:12:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unity
[2012/01/24 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2009/04/07 01:18:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2010/08/24 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WNR
[2012/01/25 06:05:37 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/25 06:01:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
[2011/05/13 17:09:16 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{3A203E6F-0710-43F9-A55E-2D9EBC8FF01A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 1/26/2012 03:39:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.47% Memory free
8.16 Gb Paging File | 7.33 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 54.35 Gb Free Space | 23.34% Space Free | Partition Type: NTFS
Drive F: | 221.45 Gb Total Space | 25.17 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 251.47 Gb Free Space | 84.36% Space Free | Partition Type: NTFS

Computer Name: AWESOME | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 95 C9 7F 53 31 DE C9 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files (x86)\BitTorrent\bittorrent.exe" = F:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"F:\Program Files (x86)\BitTorrent\bittorrent.exe" = F:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10902FDE-51C1-45DB-AD2C-A9C3B2C85A7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{160588FB-14B3-48BE-8974-AEE99B21F6DF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{268AC1CD-1CD0-4482-9B63-93BBE92C1799}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{284144D9-E367-4CA5-B7B4-9261F3D90DD7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3BAE7D84-2BF9-417D-960B-D3BB6A5580B2}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{4147AE44-6B5B-4B4F-9117-ABB87F6E2C5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{421D8A62-5EA8-408E-96B9-1F49608AD4BF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{45D11F92-5E7F-4610-8CE2-0C5A487E28F9}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{4E847EC9-AE4F-499E-A7C0-A4E33F84C569}" = lport=10244 | protocol=6 | dir=in | app=system |
"{537DD25E-9490-463A-8EF2-6D25BC9AC7B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CFEB31F-C645-4897-AB1A-CFD10A1A88D9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D46A33D-F345-44C9-994E-0B3267E618DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DBAE06B-77E8-42D7-8BBC-74822508182B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5FB0830A-B010-413E-B21B-3465320D1190}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{645B9713-3A86-4D92-9389-480537645BF7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{65845993-9152-4FD5-BC8E-016F3204D24F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6794EEEC-88B0-46B6-873B-0CF9A838990F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{713C0E1D-BD60-4CE8-A815-F014F6CD12D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{778FB25F-B2FE-43F7-BA53-8759B8286384}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{951DC60E-B518-433A-BF7A-B4B1E691831D}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{95D05515-D827-495B-BB16-E4897B6BD99E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{963B2576-B83E-4096-94F9-263B9EE9319B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99F030E9-992F-4243-8F3D-CBAC8FEBCCE0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9B09A3DE-31AB-432D-A3F5-B4848E86D909}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{9C9F8102-4A10-4BD6-960D-CDC706644161}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9F351C98-7D9B-471D-99AF-3DE30954F4E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A08CB4F6-9DA7-40C5-926C-DD74D06704AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1AE8DDE-ED4F-4350-ABEE-A28D946BD929}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4BD56D5-9BB7-4853-8212-AE207E7AFD6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A61F4965-5812-49CE-BA77-0CD37C5473A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD1C338E-A7A3-4E0C-AF4C-963D673314FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B98E8D08-9414-47A2-9FDF-164070B718AD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFE86FFF-20D6-4CCD-B17D-FB81556990FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C733126F-EFBA-462F-B2C8-71E0052B4E69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C87261D1-5CD1-4AD4-86A0-D0C56FB5728A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3172787-976C-4E3D-97C9-7827D27C207A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD40B5C4-9B47-4082-A5B1-18E097C1865A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAE24003-B768-4C35-95DA-7CE6647D757F}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{F1CE3002-3787-4C34-B06C-D161D624C53D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2402C5D-A4AD-4B3E-9DEB-87A2D8BD92DE}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{F84500AC-D35A-4071-B637-FB17F0809316}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA8C4602-829D-4911-8499-A6C4078C9481}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014732E0-D8DE-48CD-B82A-9F0B26F42B62}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{04B8ABB3-D80A-4FF9-A848-7682BD909898}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{0BC05873-5E00-42C2-85C3-47663FEE3391}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{0D4E5735-7CAC-4CFA-9440-1C534B684DBC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{0DBA745D-33DF-40FE-8FB9-F6600F01F635}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{10A0FCF9-6CA4-4749-89BD-71ED573ABB17}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{12D9BBA2-C6FF-41C5-AAE5-44E98F008932}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{130D021D-7189-4A1C-BDF7-30233D36468E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{137D98D3-1FAC-484E-A50D-81166DBE311A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{147F5DBF-5231-4985-B2ED-1E2AB21C2EAA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{149AFF27-2AD7-4CBE-9CE9-E731478547F8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{14BC53A5-D762-452B-883B-B5CCF459B451}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{159382BD-8ED6-4ABF-8369-3339365CB25E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{163C258E-E8F7-4381-81D3-FB03F0B5C244}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{19040C1A-E35A-4BF9-B3B5-A6C321F679BD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{1BB2DCE7-E85F-4626-88C5-C40ADF18A4FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DE61CBE-2DA9-4D82-8375-43F423CA6769}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8EF1B4-7319-4281-86A3-6B6E917FE15D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{21F35EF6-4DCE-400A-B306-E8D5C4EEC448}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{23420334-7AFC-45FD-B342-796D14695DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2392AE28-EF28-4F33-9168-83FD4BA50096}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2659AA57-A8DA-46CF-AFCA-CDFFE36AA39D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28B45787-EDEF-4D73-9D70-2A1727AAA92E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{2D8FA5DA-B2A3-49AF-9C91-FF2C846D52C8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{30A70AA4-4E5E-4FD7-B6A4-4F6B47B9DC05}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{31760F6D-B7D2-45D5-B2AA-3F003214F5CE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{31E22486-802B-4D84-B3DD-5EDB0A9DDD47}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{33CE82D0-AD51-41D0-8E7B-74357BDBFCD0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3715CEBF-EA00-4667-A1B1-69DD21237C30}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{37F5938B-93CF-48D3-8ACB-86DC6AFD8B75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3856EC51-B9E8-4D44-A105-B44B1FD899DA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{38AA5C0D-0E4D-4B69-8550-0C20E98E38C0}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{3C970AD6-4624-44D4-BCBD-217586072CAA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3CB95592-9785-4236-B085-C165BE8B3499}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{3DE9C696-EB74-4CC9-B279-C6C5D116116C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DEB233E-C9D0-4E73-B59E-66EF668EF4FD}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\garrysmod\hl2.exe |
"{3DEF18C8-C720-436E-BB26-BC25EB8B5688}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{3EAA88D8-75AE-40BC-B0D0-F25A69DD5FF5}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{3EBF0186-F695-4B27-B44F-73D2300BC318}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{3F12DA18-8A2E-42CB-A97F-19ACE4478A6D}" = protocol=17 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{4088B85D-69A6-4762-8AB1-A9865DCA725B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"{4167E077-71DD-46AD-945C-6F350FC8BDBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43A916D7-8546-449B-AB48-A7A06C0AC66F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{445CE83D-AF6A-4DD8-8E38-F187F4D6C05A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{44D9B262-48C9-4CD4-A0BC-CB6C83242A99}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"{460D938A-3E63-407F-96E8-EBEA858A330F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{47463E26-6004-4144-8E00-F7B269221857}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{478334CF-719C-49B5-9A07-79BC8498E0E5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike\hl.exe |
"{4C18A33B-AABC-45D5-9529-A2493274901A}" = protocol=6 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{4E016C75-CBDE-430A-8D2E-49BC5B7C253F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{4E81C7A8-272A-4BB0-8D5E-458D6E091436}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{541AC8A2-CE79-427C-96BD-8EDBE75432D2}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\config.exe |
"{5599C4DF-8283-4EE7-87F9-253410A1AF50}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{58D09247-1D19-4C9D-B6A3-8151526C343D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{58F3D7E7-4308-4CB7-8EEB-058F616085C9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{593D5F06-5852-4411-BA4B-DFE92B0AAA4C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{5DA3C74A-5BE3-482D-B247-48D606E7EA04}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5F80E4C7-6BCA-48A9-B170-BF1313C675AC}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{5F827731-382D-4EE4-B18D-253B2922349D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5FCDCE9F-9149-4489-8CE7-67111F967B0B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{5FD69907-FA0D-4395-93B7-8C48D6EB59FC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{617A1B48-BEF3-40F5-9AF5-6CEA415A05F0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{63ED2B26-6E15-45EF-B13D-8A1A8A382375}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{65021D51-3967-4A35-A07B-1BC041BCDE01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66698C43-028D-4320-88B6-29681FC8554A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{67F656C4-7060-4556-8428-4FA333BB0A72}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{693DD1E5-E147-40FC-951D-FA34D495B354}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{6A14C9D0-FF19-44A0-953E-7980FF2E4C14}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{6CF75216-A740-4D53-B2A4-74CBBB2CF755}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6CFFAC40-CDC0-46A7-AB94-E5230E7D8523}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{6D7B2297-8DE8-4A32-8E85-56CD0900CBB1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{6DA2171B-2387-466E-8033-06B4CAB02653}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\gun\gun.exe |
"{6E2E0517-8C1E-4161-9D6B-3B857186A7A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70663D43-839B-438E-B5CD-FE71269E273A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70A2202B-5D98-4F81-A0FB-9DB1DCE291F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{70A6A469-F97B-454A-AD7B-60382E019FC8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{72692AE4-A835-43BA-81BB-F7E59022EAD9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{729446E0-36AF-40AD-BA0F-2CD0A90A6A03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{76E0101A-113B-4E79-83A1-053F444B01BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{787E5C27-29FA-42C5-92DD-3402B18D0D91}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{78A2E354-0815-4E53-9EA6-DAB1143E5B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7A7F40E8-58BB-4224-ADFC-143EE3B159ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7AE73FB0-9136-444E-8CB1-2F51EE0E17A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D81C720-72E5-451C-AF3A-2A91329EF9F3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{7FB5657E-EAE2-4359-BD7E-8CE3321A104E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{7FE9DA86-BF48-4100-AFCD-80A6353F8BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{80725982-D801-4A70-9379-F36F5DA0C277}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{81964403-6E9B-496D-88C8-D034181DB333}" = protocol=17 | dir=in | app=f:\program files (x86)\mass effect\binaries\masseffect.exe |
"{85CA8C04-D9A4-48C2-90DA-D03E7FE6368C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{85EC4BC0-0148-49B3-97AF-B9F75900E9D1}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{864D62DF-A590-478C-B49C-DC3F8BBDE265}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{89A2B304-BCDB-49F0-B003-89FDA3AC4AE3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{8B636194-17DE-4D33-8205-43834BAF510D}" = protocol=6 | dir=in | app=f:\program files (x86)\mass effect\masseffectlauncher.exe |
"{8BC640C0-7987-4467-8823-B788DEEDC936}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{8C5F7A76-D428-4212-82D0-0DCE650CFEC1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8D090E3B-41FD-4582-9B6B-1CB39B5C0EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8EE298C5-02CA-4265-90BF-55A0C9A68E36}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8EEF58FC-B807-4057-B16A-5F0C5774018D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\stcc_demo_steam.exe |
"{8F038208-39A7-4840-A4DA-512E5DC75AA8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{91358567-E479-40E9-B35E-E376A48DB28B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{919D262A-91EB-4C8B-B55E-E3AF7486FAD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{91FC23D8-D512-406F-A68F-57ED5588E3EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{949F4A84-B91A-468C-BB33-BFDD4738F1A8}" = protocol=17 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{963A7624-FFEB-47B9-BFEC-DB30C59DCCED}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{96E0225E-2498-4681-A120-A63A4E17C298}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{975AF6CC-218F-48F3-9EAE-F155C3632F70}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9771F090-3BA9-4D5B-B14E-DC696A5050A3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{992E40DE-E3F2-4D21-AE9E-5D4312435B6A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\config.exe |
"{9AC60182-98D3-41AE-B0CF-851D825D9E40}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{9C7B560E-BBB7-43E3-96AC-F5F4E009C17A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0A64C00-A21C-4F04-8F32-DBCCA372BC71}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{A16AC6B9-5BA9-4CE0-99A2-F82E8F4B7F33}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A2B126BA-4C24-4911-9842-4DA4D472167C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A36DD0B4-DCCA-42EC-9B28-1308FA8E1B86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{A4301608-7C65-45EF-925F-E5B8473E8BE8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A6654B2F-F3E0-4104-8D2F-BAD3EF006B66}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{A678FA9C-6363-4302-BE61-B3CC8E749E85}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{A9487EB4-2D2E-46E8-AC17-87BD2CDEFC6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB4FA445-B0E0-479C-B33C-6924721AB802}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\gun\gun.exe |
"{AB9BA9C0-C5D4-479E-AF03-731D27005445}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{ABEB1AAA-A43A-4202-BD7C-3C17AAE641ED}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{ABF140FF-67D1-4388-A4C3-AF7DBC707395}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{ADE90486-BE7D-4129-8A2D-E60C32DEF093}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{AE3E9777-A5C6-48A4-B767-9F149D4EF649}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{AEA70EDD-6E17-43E6-95BC-3102ABF83E34}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{AEAE26FA-4918-47AD-B0E4-E79A63452595}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFF438AD-CFDE-4991-90C6-81D5D3DAE457}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B051D21C-E6AD-4D38-AF1C-C645093D91F3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{B062BCBA-26BB-4871-A6AE-625136CF3950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B21128B5-77E3-4CB8-B1FF-FDA04F2A868E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{B52BEFE1-25CE-4709-9ED9-8F96E343B2B7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B6D98829-0464-446E-80A2-A8677A709DAE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B71C2DDD-4D39-4411-A42A-34D80D523F05}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\stcc_demo_steam.exe |
"{B8B24028-81F1-45B7-A846-8E8257D4F2B5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B92E5A80-03B3-4F9C-AF26-33C6D83FFD80}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B9D665CA-C90F-406B-8C7F-9604A4EB768F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{BA232B28-0C44-48FE-BC96-5C8AF1906401}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BB9F00A2-F6CF-4BF9-89B7-CAADA37C2EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{BC29BA05-0ECB-4423-8632-58680AEF96FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BCC9CC81-6E35-4999-877A-8195479D97A3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{BD498686-2F71-41D6-93F5-9EC5C176B104}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{BDC64210-C9AB-4822-B7FD-4B40EA1611C3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BF0D3DAD-80F2-4CCF-90AB-4D050EDE879D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{BF328C55-F4A7-4641-BA4D-6E5A25061EEC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{C189C870-44EC-456F-A9AF-A34B3166F369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3C8B382-8CE4-4481-B2C2-358B529CDF36}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C572B594-E036-4E6F-9CA2-38D988E6788E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{C57800D1-BD99-4B88-9389-39381427FA6A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{C7CB3087-09E8-43E0-AE23-171AEAA7EEF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8D49C94-59EB-423B-BDA1-26AD699F34BE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{CDE50145-508F-4571-9F8C-BD128B138281}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{CEC0344A-3050-440F-B59D-19744B114184}" = protocol=6 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{D2C623CF-36A7-4CEE-BCF6-87FCA7CFC842}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D2F85320-A3C3-4FB9-AE07-F5F9DBBE907B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{D6D86B03-0420-4EBC-BE5D-0B3C95E40C25}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{D768E6EF-0E6E-4A56-B5F0-E2D0504C740F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D8C6914B-8E83-45C0-9147-9C23C4995970}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D9758458-A8E6-4017-AE84-3D0DD97C58EA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"{DA1DD0DE-E9CF-45D6-A66E-92781D64F3E7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{DABACD59-FD7A-47E5-A571-C5209522BF0A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{DB94FF5C-7B8A-4027-A4FF-A0B72CB2116B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{DC6F8F4A-B63A-400F-A9E7-4C2046F3AFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{DCE69E6B-42B4-44AB-B355-354F75D284F4}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe |
"{E049A076-C2C9-4E61-9B41-3A41463FCCD4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{E35D6242-1138-480E-893B-F30B18A2CE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E375E268-0643-4887-B618-703C193EFEE3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E5713833-B060-4323-8980-641BA733A60E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E734A9B2-6C28-4588-BA39-7FCFB9F0E51F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E9E35039-4DB6-4A1B-A0D5-5C0F0A482CA4}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{EA6B69EF-17C7-4D2E-B413-70315304E480}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{EAE80008-6583-4298-A434-8F27264F1A75}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{EB89C727-B702-402E-A6FE-29A11B09BAE8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{EBB47F75-82C3-4B07-9691-DDDD3145210C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{EE2A3386-B8EA-47B1-8051-CBCE10F85150}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EF860CA2-17A0-4827-9262-3C9397D77A20}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{F07BC074-E493-4F38-8D85-993B70D68BD7}" = protocol=6 | dir=out | app=system |
"{F1BC6B30-6E27-4214-8877-0D09B4A928E3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{F2DA8DCA-02CB-4DF7-9DB2-24EBF0ABC434}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{F409CEE8-B98E-4CBE-8AD0-DAC054E778A1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"{F523E687-72BB-447F-9A8E-D6149D8B067B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{F5288469-4B52-4E0A-AD83-416910417D2A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{F570A7F3-F615-45AE-B75B-4E7D3647498D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F5DBED18-10E9-40F9-A1A7-BE4DBB4709FE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F5FB7E79-CE11-4330-BFCB-8B73FA7DFAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F654215D-716B-415F-800D-D3C5AB07EC95}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{F66A12F3-691E-4962-932D-BCA00F9F7322}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\garrysmod\hl2.exe |
"{F6A43E8B-DE04-437C-9F50-27D9B7502DEA}" = protocol=17 | dir=in | app=f:\program files (x86)\mass effect\masseffectlauncher.exe |
"{F89BF783-3E53-459B-8C26-EC37AE4C6BDC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{F95EC79F-FCE9-4B0B-B83F-D11CB015D805}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FA22155D-BA3E-4EF6-AC78-13DC87938AC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB667402-5057-4048-AA2F-867D748CF8FE}" = protocol=6 | dir=in | app=f:\program files (x86)\mass effect\binaries\masseffect.exe |
"{FD1522F6-468E-4C47-989B-497DE1EEEF91}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\america's army 3 dedicated server\binaries\myrunserver.bat |
"{FE58FEEB-6141-4461-BBCC-5CA08A2B7E8A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FF23786F-1B30-405C-8DC0-74547B35CF3E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{FF42FB44-302B-44DB-B456-6949AF6BD8D1}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\america's army 3 dedicated server\binaries\myrunserver.bat |
"{FFCA173D-8F9A-4B7D-952D-77B6C712FD6C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike\hl.exe |
"TCP Query User{025A9BD4-858C-4AA9-8A03-76E38FB74977}D:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=d:\program files\microsoft games\shadowrun\shadowrun.exe |
"TCP Query User{059500F5-2767-45E5-9FC9-56B6FFD7A950}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{0848DCD1-291D-4971-89E4-DF5F6CB9EB37}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe |
"TCP Query User{0D824A08-4522-46B3-A579-4E6FD8ACE640}C:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{102507D3-1788-42B5-958D-DCA66469BAA7}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{19344FBC-2F92-405F-9A6B-6679B469E2D6}F:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=6 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"TCP Query User{1F0FB096-EE7F-45DB-9DD6-2B58CCA05EC2}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"TCP Query User{1F57A0F7-E62D-435D-9AA0-306951C01C19}F:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |
"TCP Query User{258C99DC-D657-42FC-9310-C739EB2BDE0D}C:\program files\schwab\sspro\sspro.exe" = protocol=6 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"TCP Query User{2855470D-DA66-4A7F-81D4-84410EFD009B}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{2DDDF108-459D-4EB8-A4CF-4EE0A8DF1310}F:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe |
"TCP Query User{2FD442B1-DA2A-47EA-9389-2CD6864225B8}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe |
"TCP Query User{30D8425F-AA00-4660-9399-12B04521EE97}C:\users\martin\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\martin\program files (x86)\dna\btdna.exe |
"TCP Query User{31867614-8C2C-436F-AA42-EA2F3A2EB5A6}F:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"TCP Query User{38E25E0F-5A7C-4E2D-9DCF-E77045976F67}F:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe |
"TCP Query User{398158F9-6C8D-4A22-88DA-F260F5F41252}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"TCP Query User{3B8C097F-53C0-403D-B4F6-3AA197C04926}H:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=h:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5213F376-CF97-47AF-82D6-57F68CF07D6C}F:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"TCP Query User{541660E1-F76D-41D0-961C-68690916F87B}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"TCP Query User{56223887-C7D5-4698-A84D-AF0A21761212}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5794F631-AA8E-4182-955E-BDE7185E3E4B}F:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{5F422E12-C5BB-4607-B312-7B97F9FF87F6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5FBF9898-C2E4-431D-B86D-C0E959235466}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{60C6283E-54C5-43AD-A23C-65ABF36A6CF3}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"TCP Query User{618E94BD-0ABD-4485-BD3A-4EB42DBE9266}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{63DC5515-E3B4-4C75-A8F8-FD2BD74731AB}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{6BA2FBD1-1A49-40B4-B7C6-7C30B4E1B75B}F:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe |
"TCP Query User{6CB50EE6-EE5B-4D73-8CB9-F3A51FA0FCB9}C:\users\martin\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{6E15E87A-AB72-4778-91DB-F9C29AA80B4E}F:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"TCP Query User{6EE13B67-2A1B-4744-8B01-7B221B4449B9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{7097A9BE-3FFA-4DF1-A934-5AE5318560F0}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"TCP Query User{76780B4B-CBD5-4077-924F-1176CD45C478}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"TCP Query User{7DE69002-5F4B-48FD-A7B0-9480A5379EB0}F:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe |
"TCP Query User{8492964D-BEBE-4D95-92E1-9126D5F7AFE0}F:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe |
"TCP Query User{91AD109C-04FC-42B7-9960-4E054F3146EA}C:\program files (x86)\multiwinia\multiwinia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\multiwinia\multiwinia.exe |
"TCP Query User{98972E02-D134-4670-AB4C-03229A18E509}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"TCP Query User{99E5A9F7-1E3C-4D0D-B51F-7011A4D42665}F:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{9EA9BB67-CF51-45BA-94C8-C07C29132EAD}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"TCP Query User{A764DBAF-4F1C-49EE-BA3E-809E958143C6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{AB7614CB-EF6C-4962-87C6-9DA65CF636FB}F:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{AE385C42-E77D-4DF3-96E0-BEFE1DCE71E0}C:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe" = protocol=6 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe |
"TCP Query User{AF3DEAA8-F724-4D62-8C14-62948304375E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B52AA448-A854-4483-A846-DCD4AC854C5D}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"TCP Query User{B8410D6C-CAA6-494D-AD3F-888E05A52F64}F:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=f:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{B8A26AEB-D39E-45EA-8F16-5A091A6D551D}F:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe |
"TCP Query User{BA43C2E4-4A4A-4C44-82DE-716B44405EE5}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"TCP Query User{BAF7440C-C512-4FA8-90A6-D1FDDB472FB4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{BB092845-A57E-4969-BB86-57B33C38549A}F:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=6 | dir=in | app=f:\program files (x86)\sierra\fear\fpupdate.exe |
"TCP Query User{BC610624-26B2-40F5-A478-5E1919B05482}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{BE737120-A6BA-4CB8-8B71-17AD14FBF76C}F:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe |
"TCP Query User{C25D4FA1-9DAB-46F6-9F4A-EE84CC72EABC}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{C51E3E38-5C82-46D0-B206-AB36532BCA87}F:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{CB86DDF0-4872-4C1C-AF87-045EA17A0F29}F:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe |
"TCP Query User{D1209192-654C-4EA7-981C-0EA1D0016BE4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D38A4943-52CB-4F35-883A-3C0522844E3F}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe |
"TCP Query User{D85A23B6-0701-4E38-AC50-A9A84304EE18}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{D86C7187-BC89-44D6-8184-0EA46347B31F}F:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{DB29DE00-6BDB-4583-BB58-C62B49328317}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"TCP Query User{F14A2D21-8F61-42CB-A0F6-98DF7650A701}F:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"TCP Query User{F5C72F74-3C93-4D9F-AE6D-1E8E3ED59063}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"UDP Query User{060C46D7-EBDB-45A8-8221-6844DBE92011}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{093F2F49-5DF5-4192-899A-50660717F457}F:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=f:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{0EE9A85F-B207-45DA-A609-24B9ABECC89B}C:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{26C1B9DB-3A58-43F0-A809-FCF343696979}F:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"UDP Query User{2806E026-0E89-477C-81BA-79D1D6CC69C6}C:\users\martin\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\martin\program files (x86)\dna\btdna.exe |
"UDP Query User{296432BD-CB98-41A6-A636-BD9A71B3F9A6}F:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"UDP Query User{2C9D3740-E9E8-4450-BC11-FA6B76C08EF5}F:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"UDP Query User{2D489F28-BDE3-4417-AA0C-422088B837F6}F:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe |
"UDP Query User{2FA4FF67-2C92-437A-BFA1-774E0B43805B}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"UDP Query User{3394A4B9-D3D5-43A9-B0CB-DB9414F213F6}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"UDP Query User{369D9583-62BB-422B-8A68-C47028C95F04}F:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"UDP Query User{429F02F5-E59E-430C-94E3-AA9FA23C9C0C}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{4F0CD134-7116-4C9F-A11A-0F5004109D50}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{55161082-14DA-4269-AA2A-0C884C6FA65D}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{5D6154E9-6A60-4FA9-A5CF-0CF9481A92B5}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{5E37C784-E72E-4F96-804E-D1E80EFB45B3}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe |
"UDP Query User{60BC368D-2E80-44B5-9E8E-9A04EDF08BB1}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{62082973-5A53-4828-8B7B-D0A75E1A3589}F:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{63034944-633E-4601-93B0-ED1D09202D8E}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"UDP Query User{6884A1E2-FCA3-47CD-A463-8121E059B48A}F:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{77895878-0C3A-484D-A030-4D984F3A8D03}D:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=d:\program files\microsoft games\shadowrun\shadowrun.exe |
"UDP Query User{7C4036AF-BA75-439B-98A0-23BFBCF00361}F:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe |
"UDP Query User{7D823FD0-9521-43D8-8F8E-8EB8F744139B}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe |
"UDP Query User{7DFCD4BF-435E-4D4A-BDC1-230A86B7FD9B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7EAF2842-F676-49FA-BDDA-EEDDEDE80F7B}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{7EBE9F5D-937E-4822-990B-80E2E4227427}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"UDP Query User{81094E36-0C95-45B8-A99A-2ACC956F656E}F:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe |
"UDP Query User{81A3901D-4978-478D-A538-EED0D1E03EA9}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"UDP Query User{836CF3F6-1ED0-4FA6-A238-2623F072D0EB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{857744C7-297E-479B-9EFF-060C2204E368}F:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{88A761FE-61F4-4871-99DB-1B840C8B1136}C:\program files\schwab\sspro\sspro.exe" = protocol=17 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"UDP Query User{8BB4BB45-9066-4337-A8AF-28E728291970}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"UDP Query User{8CD510ED-D963-4393-9565-6A1B31C46AE3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{92294910-F8AE-4D51-B6C6-6E808393C97C}F:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe |
"UDP Query User{988B49B0-40A9-41F5-97AF-84C12AF48C5E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{A5D5C6EA-65D9-4CCC-B937-31A6FE7965BF}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{AC6B26A1-ADDF-43A1-965E-00B994B4ECFE}F:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{ACF6D9D7-702C-45C2-93F3-1FBDA7A041B9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{AED4A286-6B48-4957-885C-D6496F1AE88B}F:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe |
"UDP Query User{B2ABB53A-BD11-4FBC-A364-688C40AB159F}C:\users\martin\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{B6A407B0-BE02-4494-88B4-FFF3B71A2CB9}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{C117F367-6566-4162-9958-0CE7CB00F294}C:\program files (x86)\multiwinia\multiwinia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\multiwinia\multiwinia.exe |
"UDP Query User{C166DA5D-CCE0-4BF0-AF56-CEA48F8FCBD3}F:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe |
"UDP Query User{C46B4284-FDE7-4007-B333-063225658F9C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CD0F1165-3A38-430E-9E95-D6F508745EC2}F:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{CE79A2A8-5875-4D9D-90D3-633A2CB8C892}F:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=17 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"UDP Query User{D0291F12-F963-46A9-ADF9-7572CC3D839A}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"UDP Query User{D11E5F1E-605E-4D7F-B906-160EEB290274}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{DA986828-CB53-45D3-AEEE-9354ACF65B9D}F:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe |
"UDP Query User{DCFF1A3A-A853-4319-BE73-631758E5C95B}F:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe |
"UDP Query User{DFCBA3B8-779E-48D0-81D6-14CBA7F1F765}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{EBC2E53E-FE19-4209-9A70-7846071A9053}F:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=17 | dir=in | app=f:\program files (x86)\sierra\fear\fpupdate.exe |
"UDP Query User{EE993C8F-B805-4E19-AFF6-A2395ECD78EE}F:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{EEA8E0B2-4175-4BD6-8AD1-0C2887FDA50E}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"UDP Query User{EFA90631-0564-477B-A201-7E4A4311664A}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"UDP Query User{F5DB384B-1D3B-4EF4-98C6-9B1A43328A92}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"UDP Query User{F847F542-9E8B-4A8A-AFEE-F6C6AC3837AE}H:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=h:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{F8872B91-BD83-4739-9870-9388E5EFD864}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe |
"UDP Query User{FAB1B8A4-6348-4688-8DBC-970460BAB3B8}C:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe" = protocol=17 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe |
"UDP Query User{FFB41587-DB56-4859-8CCE-D9783D7F20C1}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{315ADCE4-CCD6-49FC-BB26-D14E82E6AD7F}" = Saitek SD6 Programming Software 6.2.1.3
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_7" = AIM 7
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FairUse Wizard 2" = FairUse Wizard 2
"Fraps" = Fraps
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"GoldWave v5.20" = GoldWave v5.20
"Google Updater" = Google Updater
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Intelli-studio" = SAMSUNG Intelli-studio
"ManyCam" = ManyCam 2.6.30 (remove only)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"Pamela" = Pamela Pro 4.6
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Solid YouTube FileBulldog Toolbar" = Solid YouTube FileBulldog Toolbar
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 10" = Counter-Strike
"Steam App 11450" = Overlord
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 1260" = Killing Floor SDK
"Steam App 12810" = Overlord II
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13180" = America's Army 3 Dedicated Server
"Steam App 13210" = Unreal Tournament 3
"Steam App 15100" = Assassin's Creed
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17505" = Zombie Panic! Source Dedicated Server
"Steam App 17525" = Synergy Dedicated Server
"Steam App 17535" = D.I.P.R.I.P. Dedicated Server
"Steam App 20" = Team Fortress Classic
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24980" = Mass Effect 2
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 5" = Dedicated Server
"Steam App 50" = Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6310" = The Longest Journey
"Steam App 8710" = STCC Demo Dedicated Server
"Steam App 8730" = GTR Evolution Demo Dedicated Server
"Steam App 8850" = BioShock 2
"SystemRequirementsLab" = System Requirements Lab
"The Sith Lords Restored Content Mod_is1" = TSLRCM 1.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"VTFEdit_is1" = VTFEdit 1.2.5
"Warcraft III" = Warcraft III
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Smad" = SanctionedMedia
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/25/2012 07:43:39 | Computer Name = Awesome | Source = WinMgmt | ID = 10
Description =

Error - 1/25/2012 07:46:15 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 07:46:15 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 07:46:15 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 07:46:15 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/25/2012 07:46:15 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 05:02:12 | Computer Name = Awesome | Source = EventSystem | ID = 4609
Description =

Error - 1/26/2012 05:02:56 | Computer Name = Awesome | Source = WinMgmt | ID = 10
Description =

Error - 1/26/2012 05:29:05 | Computer Name = Awesome | Source = EventSystem | ID = 4609
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/1/2011 04:17:07 | Computer Name = Awesome | Source = McrMgr | ID = 112
Description =

Error - 7/1/2011 20:24:31 | Computer Name = Awesome | Source = McrMgr | ID = 109
Description =

Error - 7/1/2011 20:34:54 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:36:18 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:37:08 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:39:09 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:14:15 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:14:46 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:27:47 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:53:23 | Computer Name = Awesome | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7001
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7001
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7003
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7003
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7003
Description =

Error - 1/26/2012 05:29:51 | Computer Name = Awesome | Source = Service Control Manager | ID = 7026
Description =

Error - 1/26/2012 05:30:44 | Computer Name = Awesome | Source = Service Control Manager | ID = 7001
Description =

Error - 1/26/2012 05:38:21 | Computer Name = Awesome | Source = DCOM | ID = 10005
Description =

Error - 1/26/2012 05:38:45 | Computer Name = Awesome | Source = DCOM | ID = 10005
Description =

Error - 1/26/2012 05:38:45 | Computer Name = Awesome | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.119.545.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode


< End of report >


#2
RKinner

    Malware Expert

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer


ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Allow it to download and run Avast)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Seran

    Member

  • Topic Starter
Please delete this post.

Edited by Seran, 26 January 2012 - 06:06 PM.


#4
Seran

    Member

  • Topic Starter
BTW! The combo fixer log never posted, it hung there for like 20 minutes, dunno why. But I did run Spybot and it showed my computer as clean. Didn't find Smitfraud at all...


Here is the TDSSkiller Txt though...

16:36:25.0693 4068 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
16:36:26.0275 4068 ============================================================
16:36:26.0275 4068 Current date / time: 2012/01/26 16:36:26.0275
16:36:26.0275 4068 SystemInfo:
16:36:26.0275 4068
16:36:26.0275 4068 OS Version: 6.0.6002 ServicePack: 2.0
16:36:26.0275 4068 Product type: Workstation
16:36:26.0275 4068 ComputerName: AWESOME
16:36:26.0276 4068 UserName: Martin
16:36:26.0276 4068 Windows directory: C:\Windows
16:36:26.0276 4068 System windows directory: C:\Windows
16:36:26.0276 4068 Running under WOW64
16:36:26.0276 4068 Processor architecture: Intel x64
16:36:26.0276 4068 Number of processors: 2
16:36:26.0276 4068 Page size: 0x1000
16:36:26.0276 4068 Boot type: Normal boot
16:36:26.0276 4068 ============================================================
16:36:27.0510 4068 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:27.0523 4068 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:27.0550 4068 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:27.0672 4068 Initialize success
16:36:38.0693 3352 ============================================================
16:36:38.0693 3352 Scan started
16:36:38.0693 3352 Mode: Manual; SigCheck; TDLFS;
16:36:38.0693 3352 ============================================================
16:36:40.0327 3352 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:36:40.0626 3352 ACPI - ok
16:36:40.0891 3352 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:36:41.0039 3352 adp94xx - ok
16:36:41.0161 3352 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:36:41.0237 3352 adpahci - ok
16:36:41.0352 3352 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:36:41.0419 3352 adpu160m - ok
16:36:41.0563 3352 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:36:41.0619 3352 adpu320 - ok
16:36:41.0822 3352 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:36:41.0971 3352 AFD - ok
16:36:42.0201 3352 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:36:42.0254 3352 agp440 - ok
16:36:42.0472 3352 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:36:42.0557 3352 aic78xx - ok
16:36:42.0766 3352 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:36:42.0834 3352 aliide - ok
16:36:42.0923 3352 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:36:42.0968 3352 amdide - ok
16:36:43.0030 3352 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:36:43.0117 3352 AmdK8 - ok
16:36:43.0394 3352 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:36:43.0439 3352 arc - ok
16:36:43.0662 3352 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:36:43.0719 3352 arcsas - ok
16:36:43.0854 3352 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:36:43.0960 3352 AsyncMac - ok
16:36:44.0131 3352 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:36:44.0167 3352 atapi - ok
16:36:44.0762 3352 ATIAVPCI (a87c69ea0319a6d1b5457290a7d62f75) C:\Windows\system32\DRIVERS\atinavrr.sys
16:36:45.0519 3352 ATIAVPCI - ok
16:36:45.0858 3352 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:36:45.0998 3352 blbdrive - ok
16:36:46.0138 3352 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:36:46.0291 3352 bowser - ok
16:36:46.0338 3352 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:36:47.0076 3352 BrFiltLo - ok
16:36:47.0253 3352 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:36:47.0357 3352 BrFiltUp - ok
16:36:47.0576 3352 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:36:48.0840 3352 Brserid - ok
16:36:49.0045 3352 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:36:49.0397 3352 BrSerWdm - ok
16:36:49.0672 3352 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:36:49.0926 3352 BrUsbMdm - ok
16:36:50.0112 3352 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:36:50.0339 3352 BrUsbSer - ok
16:36:50.0473 3352 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:36:50.0635 3352 BTHMODEM - ok
16:36:50.0897 3352 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
16:36:50.0966 3352 BVRPMPR5a64 - ok
16:36:51.0066 3352 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:36:51.0174 3352 cdfs - ok
16:36:51.0349 3352 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:36:51.0495 3352 cdrom - ok
16:36:51.0574 3352 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:36:51.0752 3352 circlass - ok
16:36:51.0957 3352 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:36:52.0079 3352 CLFS - ok
16:36:52.0339 3352 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:36:52.0374 3352 cmdide - ok
16:36:52.0448 3352 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:36:52.0588 3352 Compbatt - ok
16:36:52.0664 3352 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:36:52.0700 3352 crcdisk - ok
16:36:52.0850 3352 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:36:52.0932 3352 DfsC - ok
16:36:53.0044 3352 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:36:53.0091 3352 disk - ok
16:36:53.0327 3352 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
16:36:53.0460 3352 Dot4 - ok
16:36:53.0684 3352 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:36:53.0783 3352 Dot4Print - ok
16:36:53.0824 3352 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
16:36:53.0923 3352 dot4usb - ok
16:36:54.0064 3352 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:36:54.0140 3352 drmkaud - ok
16:36:54.0303 3352 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
16:36:54.0379 3352 DrvAgent64 - ok
16:36:54.0506 3352 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:36:54.0580 3352 DXGKrnl - ok
16:36:54.0725 3352 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:36:54.0868 3352 E1G60 - ok
16:36:55.0007 3352 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:36:55.0057 3352 Ecache - ok
16:36:55.0173 3352 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:36:55.0306 3352 elxstor - ok
16:36:55.0547 3352 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
16:36:55.0607 3352 ENTECH64 - ok
16:36:55.0694 3352 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:36:55.0782 3352 ErrDev - ok
16:36:55.0875 3352 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:36:55.0984 3352 exfat - ok
16:36:56.0074 3352 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:36:56.0187 3352 fastfat - ok
16:36:56.0220 3352 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:36:56.0303 3352 fdc - ok
16:36:56.0363 3352 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:36:56.0412 3352 FileInfo - ok
16:36:56.0466 3352 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:36:56.0557 3352 Filetrace - ok
16:36:56.0608 3352 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:36:56.0732 3352 flpydisk - ok
16:36:56.0835 3352 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:36:56.0930 3352 FltMgr - ok
16:36:57.0110 3352 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:36:57.0188 3352 Fs_Rec - ok
16:36:57.0236 3352 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:36:57.0279 3352 gagp30kx - ok
16:36:57.0345 3352 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
16:36:57.0385 3352 gdrv - ok
16:36:57.0498 3352 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:36:57.0524 3352 GEARAspiWDM - ok
16:36:57.0883 3352 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
16:36:57.0917 3352 hamachi - ok
16:36:57.0963 3352 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:36:58.0084 3352 HdAudAddService - ok
16:36:58.0309 3352 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:36:58.0509 3352 HDAudBus - ok
16:36:58.0667 3352 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:36:58.0773 3352 HidBth - ok
16:36:58.0826 3352 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:36:58.0921 3352 HidIr - ok
16:36:58.0968 3352 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:36:59.0103 3352 HidUsb - ok
16:36:59.0151 3352 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:36:59.0181 3352 HpCISSs - ok
16:36:59.0403 3352 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:36:59.0533 3352 HTTP - ok
16:36:59.0584 3352 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:36:59.0619 3352 i2omp - ok
16:36:59.0731 3352 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:36:59.0816 3352 i8042prt - ok
16:36:59.0877 3352 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:36:59.0939 3352 iaStorV - ok
16:36:59.0997 3352 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:37:00.0037 3352 iirsp - ok
16:37:25.0095 3352 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:37:25.0095 3352 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:37:25.0099 3352 sptd ( LockedFile.Multi.Generic ) - warning
16:37:25.0100 3352 sptd - detected LockedFile.Multi.Generic (1)
16:37:34.0879 3352 MBR (0x1B8) (0cc5f3a208a7a4c2ec4e3166af187de4) \Device\Harddisk0\DR0
16:37:34.0899 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:37:34.0899 3352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:37:35.0389 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:37:35.0389 3352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:37:35.0398 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
16:37:35.0491 3352 \Device\Harddisk1\DR1 - ok
16:37:35.0497 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
16:37:35.0610 3352 \Device\Harddisk2\DR2 - ok
16:37:35.0645 3352 Boot (0x1200) (309392275d769ab38ac0cc07502359df) \Device\Harddisk0\DR0\Partition0
16:37:35.0680 3352 \Device\Harddisk0\DR0\Partition0 - ok
16:37:35.0685 3352 Boot (0x1200) (5bc0df43816f32698388fae1357dc910) \Device\Harddisk1\DR1\Partition0
16:37:35.0686 3352 \Device\Harddisk1\DR1\Partition0 - ok
16:37:35.0690 3352 Boot (0x1200) (be1430a3a5f24a9c30ace10154116133) \Device\Harddisk2\DR2\Partition0
16:37:35.0692 3352 \Device\Harddisk2\DR2\Partition0 - ok
16:37:35.0693 3352 ============================================================
16:37:35.0693 3352 Scan finished
16:37:35.0693 3352 ============================================================
16:37:35.0711 1252 Detected object count: 3
16:37:35.0711 1252 Actual detected object count: 3
16:38:19.0676 1252 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:38:19.0677 1252 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:38:19.0863 1252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:38:19.0864 1252 \Device\Harddisk0\DR0 - ok
16:38:19.0866 1252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:38:32.0398 3892 Deinitialize success

Edited by Seran, 26 January 2012 - 06:07 PM.

  • 0

#5
Seran

Seran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I'm still in the process of running the aswMBR scan.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
But did you turn off Tea-Timer as I asked?

I don't need a play-by-play; just post the logs when you get them. You will need to rerun TDSSKiller and let it Delete:

16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#7
Seran

Seran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 17:47:43
-----------------------------
17:47:43.628 OS Version: Windows x64 6.0.6002 Service Pack 2
17:47:43.628 Number of processors: 2 586 0x1706
17:47:43.629 ComputerName: AWESOME UserName: Martin
17:47:44.867 Initialize success
17:50:30.087 AVAST engine defs: 12012602
17:51:39.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
17:51:39.805 Disk 0 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
17:51:39.808 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
17:51:39.811 Disk 1 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
17:51:39.814 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
17:51:39.816 Disk 2 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 3
17:51:39.836 Disk 0 MBR read successfully
17:51:39.839 Disk 0 MBR scan
17:51:39.845 Disk 0 unknown MBR code
17:51:39.851 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
17:51:39.858 Service scanning
17:51:40.644 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:51:40.748 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:51:41.350 Modules scanning
17:51:41.356 Disk 0 trace - called modules:
17:51:41.365 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80047bf2c0]<<spja.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:51:41.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb84c0]
17:51:41.376 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa800494d580]
17:51:41.381 5 acpi.sys[fffffa6000b7ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa800495c940]
17:51:41.386 \Driver\atapi[0xfffffa80049073c0] -> IRP_MJ_CREATE -> 0xfffffa80047bf2c0
17:51:42.088 AVAST engine scan C:\Windows
17:51:45.329 AVAST engine scan C:\Windows\system32
17:55:39.398 AVAST engine scan C:\Windows\system32\drivers
17:56:03.721 AVAST engine scan C:\Users\Martin
18:13:41.995 AVAST engine scan C:\ProgramData
18:28:42.205 Scan finished successfully
18:29:20.119 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
18:29:20.128 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
  • 0

#8
Seran

Seran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

But did you turn off Tea-Timer as I asked?

I don't need a play-by-play; just post the logs when you get them. You will need to rerun TDSSKiller and let it Delete:

16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:38:19.0866 1252 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Oh, OK. Sorry, I forgot about the Tea-Timer for TDSS... I did it for ComboFix though. I'll do it one more time and post the log.
  • 0

#9
Seran

Seran

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 1/26/2012 18:30:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.76% Memory free
8.22 Gb Paging File | 5.79 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 52.66 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Drive F: | 221.45 Gb Total Space | 25.17 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 251.47 Gb Free Space | 84.36% Space Free | Partition Type: NTFS

Computer Name: AWESOME | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/26 17:46:40 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
PRC - [2012/01/26 03:38:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/04 14:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 14:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/05/25 00:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/05 13:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/07/24 17:23:04 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 13:55:46 | 000,076,800 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\components\RadioWMPCoreGecko9.dll
MOD - [2011/12/31 22:58:03 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 22:47:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/20 21:35:00 | 000,247,400 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/12/21 05:16:42 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2008/05/02 03:00:00 | 000,077,824 | ---- | M] () -- F:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/05/02 01:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 22:39:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/05/25 00:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/11 04:10:34 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files (x86)\Steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010/04/05 13:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/24 17:23:04 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/06/22 20:47:58 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/29 12:40:54 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 01:54:56 | 001,486,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009/06/02 18:11:05 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:16:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/04/01 12:43:00 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/05 14:14:40 | 000,135,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2009/01/13 19:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 19:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 19:14:30 | 000,034,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/01/13 19:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/04 12:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008/04/22 07:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/02/29 02:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/29 02:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/29 02:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008/02/18 08:20:21 | 000,041,216 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2008/02/18 08:20:21 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/09/28 23:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2007/06/25 04:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV - [2011/03/13 20:37:55 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2010/04/01 00:35:46 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/03/28 17:52:23 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/09/07 13:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://radiobar.tool...spx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Martin\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2010/09/07 14:25:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 22:58:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 17:34:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Martin\Program Files (x86)\DNA [2009/02/25 12:01:28 | 000,000,000 | ---D | M]

[2008/09/03 11:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2012/01/25 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions
[2012/01/09 02:32:35 | 000,000,000 | ---D | M] (HotSpot International Community Toolbar) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2012/01/05 00:13:49 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/04/27 17:07:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\AIM Search.xml
[2009/02/25 12:31:58 | 000,000,682 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\ask.xml
[2011/02/11 19:08:19 | 000,002,572 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\askcom.xml
[2010/03/02 02:20:25 | 000,001,589 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\searchplugins\web-search.xml
[2012/01/24 23:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 17:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D69MVSBF.DEFAULT\EXTENSIONS\[email protected]
[2011/12/31 22:58:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 18:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2009/08/24 09:35:25 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AIM Search.xml
[2011/10/05 19:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:50:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Entanglement = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Poppit = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: 4chan Plus = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.3.2_0\

O1 HOSTS File: ([2012/01/26 17:08:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk = C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{570A8F11-512F-4F69-959F-B51B1B99A90B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Martin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCProTray.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files (x86)\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Martin\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - C:\Users\Martin\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - F:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe ()
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogitechCommunicationsManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: ManyCam - hkey= - key= - C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - F:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4C32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 17:46:12 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2012/01/26 17:08:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/26 17:05:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/26 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\temp
[2012/01/26 16:48:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/26 16:48:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/26 16:48:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/26 16:48:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/26 16:48:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/26 16:45:11 | 004,391,143 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2012/01/26 16:34:22 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2012/01/26 16:27:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/26 03:50:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\DoctorWeb
[2012/01/26 03:37:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/01/25 05:59:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\omg
[2012/01/25 05:27:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/01/24 00:03:36 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/01/24 00:03:06 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2012/01/20 20:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(24)
[2012/01/16 09:18:13 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{147F3C47-C3C8-415A-9D09-AA87B05DB04B}
[2012/01/16 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{C897CB32-FAA0-4B97-90F4-9C7B87C080BD}
[2012/01/12 09:39:41 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/12 09:39:41 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 19:54:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SanctionedMedia
[2012/01/11 06:00:34 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 06:00:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 06:00:33 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 06:00:33 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 06:00:27 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 06:00:25 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2012/01/11 06:00:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
[2012/01/11 06:00:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
[2012/01/11 06:00:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
[2012/01/11 06:00:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/01/11 06:00:21 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/01/11 05:59:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 05:59:58 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/06 04:22:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2012/01/06 04:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012/01/06 04:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP495 series
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PCPro
[2012/01/02 08:59:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/01/02 08:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
[2012/01/02 08:30:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2012/01/02 08:30:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/02 08:29:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/02 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{49399A44-1A4F-4089-86BB-40988C4B4805}
[2012/01/02 03:34:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{B2D07F23-E548-4645-9C27-F60D7FDB4A35}
[2011/12/31 22:24:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SWTOR
[2011/12/31 22:24:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\HeroBlade Logs
[2011/12/31 21:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2011/12/30 04:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/12/30 04:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/30 04:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/30 03:46:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\Adobe Photoshop CS5.1
[2011/12/30 03:45:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/30 03:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011/12/29 03:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
[2011/12/29 03:15:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Intelli-studio
[2011/12/29 03:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

========== Files - Modified Within 30 Days ==========

[2012/01/26 18:36:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C981F5F3-A80C-4717-8C57-AC69E0E9BED3}.job
[2012/01/26 18:29:20 | 000,000,512 | ---- | M] () -- C:\Users\Martin\Desktop\MBR.dat
[2012/01/26 17:58:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000UA.job
[2012/01/26 17:46:40 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2012/01/26 17:14:16 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 17:14:16 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 17:14:16 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 17:08:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/26 17:07:54 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 17:07:54 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 17:07:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 16:58:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2836959131-4068810153-2499601522-1000Core.job
[2012/01/26 16:45:59 | 004,391,143 | R--- | M] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2012/01/26 16:36:14 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2012/01/26 16:14:43 | 000,000,619 | ---- | M] () -- C:\Windows\wininit.ini
[2012/01/26 04:56:42 | 000,000,732 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/26 04:23:36 | 000,000,691 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\GetValue.vbs
[2012/01/26 04:23:36 | 000,000,035 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SetValue.bat
[2012/01/26 03:38:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012/01/26 03:34:38 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2012/01/26 03:34:34 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/26 03:01:10 | 402,326,754 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 18:10:11 | 000,008,431 | ---- | M] () -- C:\ProgramData\22cd857d
[2012/01/23 03:32:36 | 000,000,272 | ---- | M] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz
[2012/01/23 03:32:36 | 000,000,168 | ---- | M] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr
[2012/01/23 00:29:40 | 000,000,336 | ---- | M] () -- C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz
[2012/01/19 12:29:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/19 11:50:31 | 000,440,236 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120125-055126.backup
[2012/01/12 09:48:53 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-115031.backup
[2012/01/09 01:58:02 | 000,001,999 | ---- | M] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/09 01:54:32 | 000,001,151 | ---- | M] () -- C:\Users\Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/06 04:13:35 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/01/06 03:46:48 | 000,439,959 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120112-094853.backup
[2012/01/02 04:10:56 | 000,012,630 | -HS- | M] () -- C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2012/01/02 04:10:56 | 000,012,630 | -HS- | M] () -- C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2011/12/31 21:44:14 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/30 08:59:27 | 004,814,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/30 03:45:16 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/12/30 03:44:48 | 002,479,184 | ---- | M] () -- C:\Users\Martin\Desktop\AdobeDownloadAssistant.exe
[2011/12/29 02:22:52 | 001,033,030 | ---- | M] () -- C:\Users\Martin\Desktop\SAM_0023.JPG

========== Files Created - No Company Name ==========

[2012/01/26 18:29:20 | 000,000,512 | ---- | C] () -- C:\Users\Martin\Desktop\MBR.dat
[2012/01/26 16:48:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/26 16:48:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/26 16:48:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/26 16:48:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/26 16:48:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/26 03:01:10 | 402,326,754 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/25 05:39:08 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/01/25 05:29:34 | 000,000,691 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\GetValue.vbs
[2012/01/25 05:29:34 | 000,000,035 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SetValue.bat
[2012/01/24 23:12:48 | 000,000,619 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/24 17:59:31 | 000,008,431 | ---- | C] () -- C:\ProgramData\22cd857d
[2012/01/23 00:29:52 | 000,000,272 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz
[2012/01/23 00:29:52 | 000,000,168 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr
[2012/01/23 00:29:40 | 000,000,336 | ---- | C] () -- C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz
[2012/01/12 07:10:43 | 000,000,732 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps64.dat
[2012/01/09 01:58:02 | 000,001,999 | ---- | C] () -- C:\Users\Martin\Desktop\Spybot - Search & Destroy.lnk
[2012/01/06 04:13:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012/01/06 04:05:54 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2011/12/31 21:44:14 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2011/12/30 04:08:38 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2011/12/30 04:05:09 | 000,000,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/12/30 04:04:24 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/12/30 04:02:41 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/12/30 04:02:31 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/12/30 04:01:39 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/12/30 03:45:16 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/12/30 03:45:16 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/12/30 03:44:44 | 002,479,184 | ---- | C] () -- C:\Users\Martin\Desktop\AdobeDownloadAssistant.exe
[2011/12/29 03:17:15 | 001,033,030 | ---- | C] () -- C:\Users\Martin\Desktop\SAM_0023.JPG
[2011/11/15 22:38:15 | 000,001,356 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/26 09:45:32 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/23 20:41:22 | 000,000,291 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/01/20 03:01:57 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\RAExpertHistory.xml
[2011/01/20 03:01:20 | 000,000,174 | ---- | C] () -- C:\Users\Martin\AppData\Local\rahistory.xml
[2011/01/04 16:37:46 | 000,024,576 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 15:23:28 | 000,204,848 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2009/06/22 14:21:44 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/11 19:25:39 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2009/06/08 18:51:10 | 000,000,760 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\setup_ldm.iss
[2009/05/26 12:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/26 12:18:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/26 12:18:27 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/30 22:10:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/09 09:23:57 | 000,084,362 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/03/29 12:36:14 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/03/01 23:54:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2009/03/01 23:54:34 | 000,036,110 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2008/09/29 18:41:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/25 15:52:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2008/09/05 19:29:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2008/09/05 19:29:26 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2008/09/05 19:29:14 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2008/09/03 08:58:52 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/02 21:05:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/21 00:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/09/23 06:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2003/08/10 08:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2003/08/08 18:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/02/10 04:23:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\acccore
[2011/12/30 04:20:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2009/12/08 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2012/01/26 03:34:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Apple Computer
[2008/09/27 12:41:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock
[2010/09/28 05:54:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Bioshock2
[2009/05/17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Braid
[2012/01/06 04:14:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2011/12/30 03:45:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/10/31 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/05 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/09/11 17:38:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CyberLink
[2009/01/19 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DivX
[2009/02/26 02:01:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DNA
[2012/01/02 08:30:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DriverCure
[2010/11/09 21:20:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2011/02/15 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FKRMonitor
[2009/02/18 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Games
[2012/01/12 06:36:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GlarySoft
[2008/12/08 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google
[2010/12/07 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2009/04/01 15:34:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Hamachi
[2008/09/03 15:41:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HP
[2008/09/02 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2011/12/29 06:27:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Intelli-studio
[2008/09/03 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2008/09/03 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Logitech
[2010/06/16 01:33:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2011/08/23 17:17:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2011/02/28 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2010/08/31 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ManyCam
[2006/11/02 09:07:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2011/04/17 07:43:31 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2008/09/03 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2010/10/23 08:09:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NVIDIA
[2009/01/10 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2009/01/10 16:42:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org2
[2009/04/07 02:06:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010/08/28 01:15:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Pamela
[2012/01/02 08:59:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Cleaners
[2012/01/02 09:05:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PCPro
[2008/09/02 21:49:54 | 000,000,000 | RH-D | M] -- C:\Users\Martin\AppData\Roaming\SecuROM
[2012/01/26 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype
[2011/07/06 02:58:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\skypePM
[2012/01/02 08:30:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SpeedyPC Software
[2012/01/24 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SystemRequirementsLab
[2008/09/06 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\The Longest Journey
[2010/01/13 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 3 Demo
[2010/03/09 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2011/04/18 04:12:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unity
[2012/01/24 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2008/12/07 22:40:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ventrilo
[2012/01/15 19:08:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
[2009/04/07 01:18:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2009/06/02 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR
[2010/08/24 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WNR
[2010/02/11 02:33:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Yahoo!


< MD5 for: EXPLORER.EXE >
[2009/11/02 21:10:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=1B60E5C5EEB4732D74F06B5ADBF969D9 -- C:\Users\Martin\Favorites\Kiilki for 7\System Files x86\explorer.exe
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/31 22:58:01 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/31 22:58:01 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/31 22:58:01 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/31 22:58:03 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/06 18:20:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/06 18:20:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/06 18:20:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/06 18:20:14 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/04/06 18:20:14 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011/07/07 00:46:27 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011/07/07 00:46:27 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011/07/07 00:46:27 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011/07/07 00:46:27 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/06 18:20:01 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/06 18:20:01 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/06 18:20:01 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/06 18:20:14 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %PROGRAMFILES(X86)%\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/06 18:20:14 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >


OTL Extras logfile created on: 1/26/2012 18:30:59 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Martin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 41.76% Memory free
8.22 Gb Paging File | 5.79 Gb Available in Paging File | 70.41% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 52.66 Gb Free Space | 22.61% Space Free | Partition Type: NTFS
Drive F: | 221.45 Gb Total Space | 25.17 Gb Free Space | 11.37% Space Free | Partition Type: NTFS
Drive H: | 298.09 Gb Total Space | 251.47 Gb Free Space | 84.36% Space Free | Partition Type: NTFS

Computer Name: AWESOME | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 95 C9 7F 53 31 DE C9 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files (x86)\BitTorrent\bittorrent.exe" = F:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"F:\Program Files (x86)\BitTorrent\bittorrent.exe" = F:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10902FDE-51C1-45DB-AD2C-A9C3B2C85A7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{160588FB-14B3-48BE-8974-AEE99B21F6DF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{268AC1CD-1CD0-4482-9B63-93BBE92C1799}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{284144D9-E367-4CA5-B7B4-9261F3D90DD7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3BAE7D84-2BF9-417D-960B-D3BB6A5580B2}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{4147AE44-6B5B-4B4F-9117-ABB87F6E2C5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{421D8A62-5EA8-408E-96B9-1F49608AD4BF}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{45D11F92-5E7F-4610-8CE2-0C5A487E28F9}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{4E847EC9-AE4F-499E-A7C0-A4E33F84C569}" = lport=10244 | protocol=6 | dir=in | app=system |
"{537DD25E-9490-463A-8EF2-6D25BC9AC7B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CFEB31F-C645-4897-AB1A-CFD10A1A88D9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D46A33D-F345-44C9-994E-0B3267E618DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DBAE06B-77E8-42D7-8BBC-74822508182B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5FB0830A-B010-413E-B21B-3465320D1190}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{645B9713-3A86-4D92-9389-480537645BF7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{65845993-9152-4FD5-BC8E-016F3204D24F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6794EEEC-88B0-46B6-873B-0CF9A838990F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{713C0E1D-BD60-4CE8-A815-F014F6CD12D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{778FB25F-B2FE-43F7-BA53-8759B8286384}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{951DC60E-B518-433A-BF7A-B4B1E691831D}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{95D05515-D827-495B-BB16-E4897B6BD99E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{963B2576-B83E-4096-94F9-263B9EE9319B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99F030E9-992F-4243-8F3D-CBAC8FEBCCE0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9B09A3DE-31AB-432D-A3F5-B4848E86D909}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{9C9F8102-4A10-4BD6-960D-CDC706644161}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9F351C98-7D9B-471D-99AF-3DE30954F4E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A08CB4F6-9DA7-40C5-926C-DD74D06704AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A1AE8DDE-ED4F-4350-ABEE-A28D946BD929}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4BD56D5-9BB7-4853-8212-AE207E7AFD6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A61F4965-5812-49CE-BA77-0CD37C5473A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD1C338E-A7A3-4E0C-AF4C-963D673314FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B98E8D08-9414-47A2-9FDF-164070B718AD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFE86FFF-20D6-4CCD-B17D-FB81556990FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C733126F-EFBA-462F-B2C8-71E0052B4E69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C87261D1-5CD1-4AD4-86A0-D0C56FB5728A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3172787-976C-4E3D-97C9-7827D27C207A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD40B5C4-9B47-4082-A5B1-18E097C1865A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAE24003-B768-4C35-95DA-7CE6647D757F}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{F1CE3002-3787-4C34-B06C-D161D624C53D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2402C5D-A4AD-4B3E-9DEB-87A2D8BD92DE}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{F84500AC-D35A-4071-B637-FB17F0809316}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FA8C4602-829D-4911-8499-A6C4078C9481}" = rport=10244 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014732E0-D8DE-48CD-B82A-9F0B26F42B62}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{04B8ABB3-D80A-4FF9-A848-7682BD909898}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{0BC05873-5E00-42C2-85C3-47663FEE3391}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{0D4E5735-7CAC-4CFA-9440-1C534B684DBC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{0DBA745D-33DF-40FE-8FB9-F6600F01F635}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{10A0FCF9-6CA4-4749-89BD-71ED573ABB17}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{12D9BBA2-C6FF-41C5-AAE5-44E98F008932}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{130D021D-7189-4A1C-BDF7-30233D36468E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{137D98D3-1FAC-484E-A50D-81166DBE311A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{147F5DBF-5231-4985-B2ED-1E2AB21C2EAA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\overlord.exe |
"{149AFF27-2AD7-4CBE-9CE9-E731478547F8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{14BC53A5-D762-452B-883B-B5CCF459B451}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{159382BD-8ED6-4ABF-8369-3339365CB25E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{163C258E-E8F7-4381-81D3-FB03F0B5C244}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{19040C1A-E35A-4BF9-B3B5-A6C321F679BD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{1BB2DCE7-E85F-4626-88C5-C40ADF18A4FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DE61CBE-2DA9-4D82-8375-43F423CA6769}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8EF1B4-7319-4281-86A3-6B6E917FE15D}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{21F35EF6-4DCE-400A-B306-E8D5C4EEC448}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{23420334-7AFC-45FD-B342-796D14695DA8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2392AE28-EF28-4F33-9168-83FD4BA50096}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2659AA57-A8DA-46CF-AFCA-CDFFE36AA39D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28B45787-EDEF-4D73-9D70-2A1727AAA92E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{2D8FA5DA-B2A3-49AF-9C91-FF2C846D52C8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{30A70AA4-4E5E-4FD7-B6A4-4F6B47B9DC05}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{31760F6D-B7D2-45D5-B2AA-3F003214F5CE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{31E22486-802B-4D84-B3DD-5EDB0A9DDD47}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{33CE82D0-AD51-41D0-8E7B-74357BDBFCD0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3715CEBF-EA00-4667-A1B1-69DD21237C30}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{37F5938B-93CF-48D3-8ACB-86DC6AFD8B75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3856EC51-B9E8-4D44-A105-B44B1FD899DA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{38AA5C0D-0E4D-4B69-8550-0C20E98E38C0}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{3C970AD6-4624-44D4-BCBD-217586072CAA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3CB95592-9785-4236-B085-C165BE8B3499}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{3DE9C696-EB74-4CC9-B279-C6C5D116116C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DEB233E-C9D0-4E73-B59E-66EF668EF4FD}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\garrysmod\hl2.exe |
"{3DEF18C8-C720-436E-BB26-BC25EB8B5688}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{3EAA88D8-75AE-40BC-B0D0-F25A69DD5FF5}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the longest journey\game.exe |
"{3EBF0186-F695-4B27-B44F-73D2300BC318}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{3F12DA18-8A2E-42CB-A97F-19ACE4478A6D}" = protocol=17 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{4088B85D-69A6-4762-8AB1-A9865DCA725B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"{4167E077-71DD-46AD-945C-6F350FC8BDBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43A916D7-8546-449B-AB48-A7A06C0AC66F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{445CE83D-AF6A-4DD8-8E38-F187F4D6C05A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{44D9B262-48C9-4CD4-A0BC-CB6C83242A99}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"{460D938A-3E63-407F-96E8-EBEA858A330F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{47463E26-6004-4144-8E00-F7B269221857}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{478334CF-719C-49B5-9A07-79BC8498E0E5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike\hl.exe |
"{4C18A33B-AABC-45D5-9529-A2493274901A}" = protocol=6 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{4E016C75-CBDE-430A-8D2E-49BC5B7C253F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{4E81C7A8-272A-4BB0-8D5E-458D6E091436}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{541AC8A2-CE79-427C-96BD-8EDBE75432D2}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\config.exe |
"{5599C4DF-8283-4EE7-87F9-253410A1AF50}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{58D09247-1D19-4C9D-B6A3-8151526C343D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{58F3D7E7-4308-4CB7-8EEB-058F616085C9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{593D5F06-5852-4411-BA4B-DFE92B0AAA4C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{5DA3C74A-5BE3-482D-B247-48D606E7EA04}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5F80E4C7-6BCA-48A9-B170-BF1313C675AC}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{5F827731-382D-4EE4-B18D-253B2922349D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5FCDCE9F-9149-4489-8CE7-67111F967B0B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |
"{5FD69907-FA0D-4395-93B7-8C48D6EB59FC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{617A1B48-BEF3-40F5-9AF5-6CEA415A05F0}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{63ED2B26-6E15-45EF-B13D-8A1A8A382375}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{65021D51-3967-4A35-A07B-1BC041BCDE01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66698C43-028D-4320-88B6-29681FC8554A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{67F656C4-7060-4556-8428-4FA333BB0A72}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{693DD1E5-E147-40FC-951D-FA34D495B354}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{6A14C9D0-FF19-44A0-953E-7980FF2E4C14}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{6CF75216-A740-4D53-B2A4-74CBBB2CF755}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6CFFAC40-CDC0-46A7-AB94-E5230E7D8523}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe |
"{6D7B2297-8DE8-4A32-8E85-56CD0900CBB1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{6DA2171B-2387-466E-8033-06B4CAB02653}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\gun\gun.exe |
"{6E2E0517-8C1E-4161-9D6B-3B857186A7A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70663D43-839B-438E-B5CD-FE71269E273A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70A2202B-5D98-4F81-A0FB-9DB1DCE291F8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{70A6A469-F97B-454A-AD7B-60382E019FC8}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{72692AE4-A835-43BA-81BB-F7E59022EAD9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{729446E0-36AF-40AD-BA0F-2CD0A90A6A03}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{76E0101A-113B-4E79-83A1-053F444B01BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{787E5C27-29FA-42C5-92DD-3402B18D0D91}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{78A2E354-0815-4E53-9EA6-DAB1143E5B5B}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{7A7F40E8-58BB-4224-ADFC-143EE3B159ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7AE73FB0-9136-444E-8CB1-2F51EE0E17A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D81C720-72E5-451C-AF3A-2A91329EF9F3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{7FB5657E-EAE2-4359-BD7E-8CE3321A104E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{7FE9DA86-BF48-4100-AFCD-80A6353F8BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{80725982-D801-4A70-9379-F36F5DA0C277}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{81964403-6E9B-496D-88C8-D034181DB333}" = protocol=17 | dir=in | app=f:\program files (x86)\mass effect\binaries\masseffect.exe |
"{85CA8C04-D9A4-48C2-90DA-D03E7FE6368C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{85EC4BC0-0148-49B3-97AF-B9F75900E9D1}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{864D62DF-A590-478C-B49C-DC3F8BBDE265}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{89A2B304-BCDB-49F0-B003-89FDA3AC4AE3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{8B636194-17DE-4D33-8205-43834BAF510D}" = protocol=6 | dir=in | app=f:\program files (x86)\mass effect\masseffectlauncher.exe |
"{8BC640C0-7987-4467-8823-B788DEEDC936}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{8C5F7A76-D428-4212-82D0-0DCE650CFEC1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{8D090E3B-41FD-4582-9B6B-1CB39B5C0EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8EE298C5-02CA-4265-90BF-55A0C9A68E36}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8EEF58FC-B807-4057-B16A-5F0C5774018D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\stcc_demo_steam.exe |
"{8F038208-39A7-4840-A4DA-512E5DC75AA8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassins creed\assassinscreed_game.exe |
"{91358567-E479-40E9-B35E-E376A48DB28B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{919D262A-91EB-4C8B-B55E-E3AF7486FAD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{91FC23D8-D512-406F-A68F-57ED5588E3EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{949F4A84-B91A-468C-BB33-BFDD4738F1A8}" = protocol=17 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{963A7624-FFEB-47B9-BFEC-DB30C59DCCED}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{96E0225E-2498-4681-A120-A63A4E17C298}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\killingfloor\system\kfed.exe |
"{975AF6CC-218F-48F3-9EAE-F155C3632F70}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{9771F090-3BA9-4D5B-B14E-DC696A5050A3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{992E40DE-E3F2-4D21-AE9E-5D4312435B6A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\config.exe |
"{9AC60182-98D3-41AE-B0CF-851D825D9E40}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{9C7B560E-BBB7-43E3-96AC-F5F4E009C17A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0A64C00-A21C-4F04-8F32-DBCCA372BC71}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe |
"{A16AC6B9-5BA9-4CE0-99A2-F82E8F4B7F33}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A2B126BA-4C24-4911-9842-4DA4D472167C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{A36DD0B4-DCCA-42EC-9B28-1308FA8E1B86}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{A4301608-7C65-45EF-925F-E5B8473E8BE8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A6654B2F-F3E0-4104-8D2F-BAD3EF006B66}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{A678FA9C-6363-4302-BE61-B3CC8E749E85}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{A9487EB4-2D2E-46E8-AC17-87BD2CDEFC6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB4FA445-B0E0-479C-B33C-6924721AB802}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\gun\gun.exe |
"{AB9BA9C0-C5D4-479E-AF03-731D27005445}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord\config.exe |
"{ABEB1AAA-A43A-4202-BD7C-3C17AAE641ED}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{ABF140FF-67D1-4388-A4C3-AF7DBC707395}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{ADE90486-BE7D-4129-8A2D-E60C32DEF093}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{AE3E9777-A5C6-48A4-B767-9F149D4EF649}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{AEA70EDD-6E17-43E6-95BC-3102ABF83E34}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{AEAE26FA-4918-47AD-B0E4-E79A63452595}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFF438AD-CFDE-4991-90C6-81D5D3DAE457}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{B051D21C-E6AD-4D38-AF1C-C645093D91F3}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{B062BCBA-26BB-4871-A6AE-625136CF3950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B21128B5-77E3-4CB8-B1FF-FDA04F2A868E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{B52BEFE1-25CE-4709-9ED9-8F96E343B2B7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{B6D98829-0464-446E-80A2-A8677A709DAE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B71C2DDD-4D39-4411-A42A-34D80D523F05}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\stcc demo\stcc_demo_steam.exe |
"{B8B24028-81F1-45B7-A846-8E8257D4F2B5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B92E5A80-03B3-4F9C-AF26-33C6D83FFD80}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{B9D665CA-C90F-406B-8C7F-9604A4EB768F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-enus-downloader.exe |
"{BA232B28-0C44-48FE-BC96-5C8AF1906401}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BB9F00A2-F6CF-4BF9-89B7-CAADA37C2EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqwded.exe |
"{BC29BA05-0ECB-4423-8632-58680AEF96FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BCC9CC81-6E35-4999-877A-8195479D97A3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{BD498686-2F71-41D6-93F5-9EC5C176B104}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{BDC64210-C9AB-4822-B7FD-4B40EA1611C3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BF0D3DAD-80F2-4CCF-90AB-4D050EDE879D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\config.exe |
"{BF328C55-F4A7-4641-BA4D-6E5A25061EEC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe |
"{C189C870-44EC-456F-A9AF-A34B3166F369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3C8B382-8CE4-4481-B2C2-358B529CDF36}" = protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C572B594-E036-4E6F-9CA2-38D988E6788E}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{C57800D1-BD99-4B88-9389-39381427FA6A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{C7CB3087-09E8-43E0-AE23-171AEAA7EEF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8D49C94-59EB-423B-BDA1-26AD699F34BE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{CDE50145-508F-4571-9F8C-BD128B138281}" = protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{CEC0344A-3050-440F-B59D-19744B114184}" = protocol=6 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\game.dat |
"{D2C623CF-36A7-4CEE-BCF6-87FCA7CFC842}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D2F85320-A3C3-4FB9-AE07-F5F9DBBE907B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{D6D86B03-0420-4EBC-BE5D-0B3C95E40C25}" = protocol=6 | dir=in | app=c:\program files (x86)\id software\enemy territory - quake wars\etqw.exe |
"{D768E6EF-0E6E-4A56-B5F0-E2D0504C740F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D8C6914B-8E83-45C0-9147-9C23C4995970}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D9758458-A8E6-4017-AE84-3D0DD97C58EA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"{DA1DD0DE-E9CF-45D6-A66E-92781D64F3E7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yserver.exe |
"{DABACD59-FD7A-47E5-A571-C5209522BF0A}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{DB94FF5C-7B8A-4027-A4FF-A0B72CB2116B}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\overlord ii\overlord2.exe |
"{DC6F8F4A-B63A-400F-A9E7-4C2046F3AFCB}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{DCE69E6B-42B4-44AB-B355-354F75D284F4}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe |
"{E049A076-C2C9-4E61-9B41-3A41463FCCD4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{E35D6242-1138-480E-893B-F30B18A2CE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E375E268-0643-4887-B618-703C193EFEE3}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E5713833-B060-4323-8980-641BA733A60E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{E734A9B2-6C28-4588-BA39-7FCFB9F0E51F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{E9E35039-4DB6-4A1B-A0D5-5C0F0A482CA4}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{EA6B69EF-17C7-4D2E-B413-70315304E480}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{EAE80008-6583-4298-A434-8F27264F1A75}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{EB89C727-B702-402E-A6FE-29A11B09BAE8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{EBB47F75-82C3-4B07-9691-DDDD3145210C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{EE2A3386-B8EA-47B1-8051-CBCE10F85150}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{EF860CA2-17A0-4827-9262-3C9397D77A20}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe |
"{F07BC074-E493-4F38-8D85-993B70D68BD7}" = protocol=6 | dir=out | app=system |
"{F1BC6B30-6E27-4214-8877-0D09B4A928E3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{F2DA8DCA-02CB-4DF7-9DB2-24EBF0ABC434}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{F409CEE8-B98E-4CBE-8AD0-DAC054E778A1}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"{F523E687-72BB-447F-9A8E-D6149D8B067B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{F5288469-4B52-4E0A-AD83-416910417D2A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{F570A7F3-F615-45AE-B75B-4E7D3647498D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F5DBED18-10E9-40F9-A1A7-BE4DBB4709FE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{F5FB7E79-CE11-4330-BFCB-8B73FA7DFAD4}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F654215D-716B-415F-800D-D3C5AB07EC95}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-enus-downloader.exe |
"{F66A12F3-691E-4962-932D-BCA00F9F7322}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\garrysmod\hl2.exe |
"{F6A43E8B-DE04-437C-9F50-27D9B7502DEA}" = protocol=17 | dir=in | app=f:\program files (x86)\mass effect\masseffectlauncher.exe |
"{F89BF783-3E53-459B-8C26-EC37AE4C6BDC}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\srcds.exe |
"{F95EC79F-FCE9-4B0B-B83F-D11CB015D805}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FA22155D-BA3E-4EF6-AC78-13DC87938AC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FB667402-5057-4048-AA2F-867D748CF8FE}" = protocol=6 | dir=in | app=f:\program files (x86)\mass effect\binaries\masseffect.exe |
"{FD1522F6-468E-4C47-989B-497DE1EEEF91}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\america's army 3 dedicated server\binaries\myrunserver.bat |
"{FE58FEEB-6141-4461-BBCC-5CA08A2B7E8A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FF23786F-1B30-405C-8DC0-74547B35CF3E}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\docs\ea help\electronic_arts_technical_support.htm |
"{FF42FB44-302B-44DB-B456-6949AF6BD8D1}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\america's army 3 dedicated server\binaries\myrunserver.bat |
"{FFCA173D-8F9A-4B7D-952D-77B6C712FD6C}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike\hl.exe |
"TCP Query User{025A9BD4-858C-4AA9-8A03-76E38FB74977}D:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=6 | dir=in | app=d:\program files\microsoft games\shadowrun\shadowrun.exe |
"TCP Query User{059500F5-2767-45E5-9FC9-56B6FFD7A950}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{0848DCD1-291D-4971-89E4-DF5F6CB9EB37}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe |
"TCP Query User{0D824A08-4522-46B3-A579-4E6FD8ACE640}C:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe |
"TCP Query User{102507D3-1788-42B5-958D-DCA66469BAA7}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{19344FBC-2F92-405F-9A6B-6679B469E2D6}F:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=6 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"TCP Query User{1F0FB096-EE7F-45DB-9DD6-2B58CCA05EC2}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"TCP Query User{1F57A0F7-E62D-435D-9AA0-306951C01C19}F:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |
"TCP Query User{258C99DC-D657-42FC-9310-C739EB2BDE0D}C:\program files\schwab\sspro\sspro.exe" = protocol=6 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"TCP Query User{2855470D-DA66-4A7F-81D4-84410EFD009B}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{2DDDF108-459D-4EB8-A4CF-4EE0A8DF1310}F:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe |
"TCP Query User{2FD442B1-DA2A-47EA-9389-2CD6864225B8}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe |
"TCP Query User{30D8425F-AA00-4660-9399-12B04521EE97}C:\users\martin\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\martin\program files (x86)\dna\btdna.exe |
"TCP Query User{31867614-8C2C-436F-AA42-EA2F3A2EB5A6}F:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"TCP Query User{38E25E0F-5A7C-4E2D-9DCF-E77045976F67}F:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe |
"TCP Query User{398158F9-6C8D-4A22-88DA-F260F5F41252}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"TCP Query User{3B8C097F-53C0-403D-B4F6-3AA197C04926}H:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=h:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5213F376-CF97-47AF-82D6-57F68CF07D6C}F:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"TCP Query User{541660E1-F76D-41D0-961C-68690916F87B}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"TCP Query User{56223887-C7D5-4698-A84D-AF0A21761212}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{5794F631-AA8E-4182-955E-BDE7185E3E4B}F:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{5F422E12-C5BB-4607-B312-7B97F9FF87F6}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{5FBF9898-C2E4-431D-B86D-C0E959235466}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{60C6283E-54C5-43AD-A23C-65ABF36A6CF3}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"TCP Query User{618E94BD-0ABD-4485-BD3A-4EB42DBE9266}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{63DC5515-E3B4-4C75-A8F8-FD2BD74731AB}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{6BA2FBD1-1A49-40B4-B7C6-7C30B4E1B75B}F:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe |
"TCP Query User{6CB50EE6-EE5B-4D73-8CB9-F3A51FA0FCB9}C:\users\martin\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{6E15E87A-AB72-4778-91DB-F9C29AA80B4E}F:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"TCP Query User{6EE13B67-2A1B-4744-8B01-7B221B4449B9}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{7097A9BE-3FFA-4DF1-A934-5AE5318560F0}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"TCP Query User{76780B4B-CBD5-4077-924F-1176CD45C478}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"TCP Query User{7DE69002-5F4B-48FD-A7B0-9480A5379EB0}F:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe |
"TCP Query User{8492964D-BEBE-4D95-92E1-9126D5F7AFE0}F:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe |
"TCP Query User{91AD109C-04FC-42B7-9960-4E054F3146EA}C:\program files (x86)\multiwinia\multiwinia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\multiwinia\multiwinia.exe |
"TCP Query User{98972E02-D134-4670-AB4C-03229A18E509}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"TCP Query User{99E5A9F7-1E3C-4D0D-B51F-7011A4D42665}F:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{9EA9BB67-CF51-45BA-94C8-C07C29132EAD}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"TCP Query User{A764DBAF-4F1C-49EE-BA3E-809E958143C6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{AB7614CB-EF6C-4962-87C6-9DA65CF636FB}F:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{AE385C42-E77D-4DF3-96E0-BEFE1DCE71E0}C:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe" = protocol=6 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe |
"TCP Query User{AF3DEAA8-F724-4D62-8C14-62948304375E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B52AA448-A854-4483-A846-DCD4AC854C5D}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"TCP Query User{B8410D6C-CAA6-494D-AD3F-888E05A52F64}F:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=f:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{B8A26AEB-D39E-45EA-8F16-5A091A6D551D}F:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe |
"TCP Query User{BA43C2E4-4A4A-4C44-82DE-716B44405EE5}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"TCP Query User{BAF7440C-C512-4FA8-90A6-D1FDDB472FB4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{BB092845-A57E-4969-BB86-57B33C38549A}F:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=6 | dir=in | app=f:\program files (x86)\sierra\fear\fpupdate.exe |
"TCP Query User{BC610624-26B2-40F5-A478-5E1919B05482}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{BE737120-A6BA-4CB8-8B71-17AD14FBF76C}F:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe |
"TCP Query User{C25D4FA1-9DAB-46F6-9F4A-EE84CC72EABC}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{C51E3E38-5C82-46D0-B206-AB36532BCA87}F:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{CB86DDF0-4872-4C1C-AF87-045EA17A0F29}F:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe |
"TCP Query User{D1209192-654C-4EA7-981C-0EA1D0016BE4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{D38A4943-52CB-4F35-883A-3C0522844E3F}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe |
"TCP Query User{D85A23B6-0701-4E38-AC50-A9A84304EE18}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"TCP Query User{D86C7187-BC89-44D6-8184-0EA46347B31F}F:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"TCP Query User{DB29DE00-6BDB-4583-BB58-C62B49328317}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"TCP Query User{F14A2D21-8F61-42CB-A0F6-98DF7650A701}F:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"TCP Query User{F5C72F74-3C93-4D9F-AE6D-1E8E3ED59063}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"UDP Query User{060C46D7-EBDB-45A8-8221-6844DBE92011}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{093F2F49-5DF5-4192-899A-50660717F457}F:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=f:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{0EE9A85F-B207-45DA-A609-24B9ABECC89B}C:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.0-enus-downloader.exe |
"UDP Query User{26C1B9DB-3A58-43F0-A809-FCF343696979}F:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2.exe |
"UDP Query User{2806E026-0E89-477C-81BA-79D1D6CC69C6}C:\users\martin\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\martin\program files (x86)\dna\btdna.exe |
"UDP Query User{296432BD-CB98-41A6-A636-BD9A71B3F9A6}F:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\counter-strike source\hl2.exe |
"UDP Query User{2C9D3740-E9E8-4450-BC11-FA6B76C08EF5}F:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead demo\left4dead.exe |
"UDP Query User{2D489F28-BDE3-4417-AA0C-422088B837F6}F:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\assassin's creed 2\uplaybrowser.exe |
"UDP Query User{2FA4FF67-2C92-437A-BFA1-774E0B43805B}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"UDP Query User{3394A4B9-D3D5-43A9-B0CB-DB9414F213F6}C:\program files (x86)\mediamall\settingsmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamall\settingsmanager.exe |
"UDP Query User{369D9583-62BB-422B-8A68-C47028C95F04}F:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"UDP Query User{429F02F5-E59E-430C-94E3-AA9FA23C9C0C}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{4F0CD134-7116-4C9F-A11A-0F5004109D50}C:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe |
"UDP Query User{55161082-14DA-4269-AA2A-0C884C6FA65D}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{5D6154E9-6A60-4FA9-A5CF-0CF9481A92B5}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"UDP Query User{5E37C784-E72E-4F96-804E-D1E80EFB45B3}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life deathmatch source\hl2.exe |
"UDP Query User{60BC368D-2E80-44B5-9E8E-9A04EDF08BB1}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{62082973-5A53-4828-8B7B-D0A75E1A3589}F:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"UDP Query User{63034944-633E-4601-93B0-ED1D09202D8E}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"UDP Query User{6884A1E2-FCA3-47CD-A463-8121E059B48A}F:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\splinter cell - double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{77895878-0C3A-484D-A030-4D984F3A8D03}D:\program files\microsoft games\shadowrun\shadowrun.exe" = protocol=17 | dir=in | app=d:\program files\microsoft games\shadowrun\shadowrun.exe |
"UDP Query User{7C4036AF-BA75-439B-98A0-23BFBCF00361}F:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\source sdk base\hl2.exe |
"UDP Query User{7D823FD0-9521-43D8-8F8E-8EB8F744139B}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source dedicated server\srcds.exe |
"UDP Query User{7DFCD4BF-435E-4D4A-BDC1-230A86B7FD9B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7EAF2842-F676-49FA-BDDA-EEDDEDE80F7B}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{7EBE9F5D-937E-4822-990B-80E2E4227427}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe |
"UDP Query User{81094E36-0C95-45B8-A99A-2ACC956F656E}F:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\eternal-silence\hl2.exe |
"UDP Query User{81A3901D-4978-478D-A538-EED0D1E03EA9}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |
"UDP Query User{836CF3F6-1ED0-4FA6-A238-2623F072D0EB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{857744C7-297E-479B-9EFF-060C2204E368}F:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{88A761FE-61F4-4871-99DB-1B840C8B1136}C:\program files\schwab\sspro\sspro.exe" = protocol=17 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"UDP Query User{8BB4BB45-9066-4337-A8AF-28E728291970}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"UDP Query User{8CD510ED-D963-4393-9565-6A1B31C46AE3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{92294910-F8AE-4D51-B6C6-6E808393C97C}F:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\diprip warm up\hl2.exe |
"UDP Query User{988B49B0-40A9-41F5-97AF-84C12AF48C5E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{A5D5C6EA-65D9-4CCC-B937-31A6FE7965BF}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{AC6B26A1-ADDF-43A1-965E-00B994B4ECFE}F:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{ACF6D9D7-702C-45C2-93F3-1FBDA7A041B9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{AED4A286-6B48-4957-885C-D6496F1AE88B}F:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\tshb\hyperbol_demo.exe |
"UDP Query User{B2ABB53A-BD11-4FBC-A364-688C40AB159F}C:\users\martin\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{B6A407B0-BE02-4494-88B4-FFF3B71A2CB9}F:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{C117F367-6566-4162-9958-0CE7CB00F294}C:\program files (x86)\multiwinia\multiwinia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\multiwinia\multiwinia.exe |
"UDP Query User{C166DA5D-CCE0-4BF0-AF56-CEA48F8FCBD3}F:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\dystopia\hl2.exe |
"UDP Query User{C46B4284-FDE7-4007-B333-063225658F9C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CD0F1165-3A38-430E-9E95-D6F508745EC2}F:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"UDP Query User{CE79A2A8-5875-4D9D-90D3-633A2CB8C892}F:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat" = protocol=17 | dir=in | app=f:\program files (x86)\ea games\the battle for middle-earth ™\patchget.dat |
"UDP Query User{D0291F12-F963-46A9-ADF9-7572CC3D839A}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life\hl.exe |
"UDP Query User{D11E5F1E-605E-4D7F-B906-160EEB290274}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{DA986828-CB53-45D3-AEEE-9354ACF65B9D}F:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\smashball\hl2.exe |
"UDP Query User{DCFF1A3A-A853-4319-BE73-631758E5C95B}F:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\insurgency\hl2.exe |
"UDP Query User{DFCBA3B8-779E-48D0-81D6-14CBA7F1F765}C:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{EBC2E53E-FE19-4209-9A70-7846071A9053}F:\program files (x86)\sierra\fear\fpupdate.exe" = protocol=17 | dir=in | app=f:\program files (x86)\sierra\fear\fpupdate.exe |
"UDP Query User{EE993C8F-B805-4E19-AFF6-A2395ECD78EE}F:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{EEA8E0B2-4175-4BD6-8AD1-0C2887FDA50E}F:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\synergy\hl2.exe |
"UDP Query User{EFA90631-0564-477B-A201-7E4A4311664A}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"UDP Query User{F5DB384B-1D3B-4EF4-98C6-9B1A43328A92}F:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\team fortress 2\hl2.exe |
"UDP Query User{F847F542-9E8B-4A8A-AFEE-F6C6AC3837AE}H:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=h:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{F8872B91-BD83-4739-9870-9388E5EFD864}F:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\half-life 2 deathmatch\hl2.exe |
"UDP Query User{FAB1B8A4-6348-4688-8DBC-970460BAB3B8}C:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe" = protocol=17 | dir=in | app=c:\users\martin\downloads\downloader_starcraft_combo_enus(2).exe |
"UDP Query User{FFB41587-DB56-4859-8CCE-D9783D7F20C1}F:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\terror_strike2004\zombie panic! source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{315ADCE4-CCD6-49FC-BB26-D14E82E6AD7F}" = Saitek SD6 Programming Software 6.2.1.3
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3234E43-10BF-470E-BD2B-2E36EA29D11C}" = League of Legends
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_7" = AIM 7
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FairUse Wizard 2" = FairUse Wizard 2
"Fraps" = Fraps
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"GoldWave v5.20" = GoldWave v5.20
"Google Updater" = Google Updater
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Intelli-studio" = SAMSUNG Intelli-studio
"ManyCam" = ManyCam 2.6.30 (remove only)
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.50.1074" = Opera 11.50
"Pamela" = Pamela Pro 4.6
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Solid YouTube FileBulldog Toolbar" = Solid YouTube FileBulldog Toolbar
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 10" = Counter-Strike
"Steam App 11450" = Overlord
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 1260" = Killing Floor SDK
"Steam App 12810" = Overlord II
"Steam App 130" = Half-Life: Blue Shift
"Steam App 13180" = America's Army 3 Dedicated Server
"Steam App 13210" = Unreal Tournament 3
"Steam App 15100" = Assassin's Creed
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17505" = Zombie Panic! Source Dedicated Server
"Steam App 17525" = Synergy Dedicated Server
"Steam App 17535" = D.I.P.R.I.P. Dedicated Server
"Steam App 20" = Team Fortress Classic
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 240" = Counter-Strike: Source
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24980" = Mass Effect 2
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 5" = Dedicated Server
"Steam App 50" = Opposing Force
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 6310" = The Longest Journey
"Steam App 8710" = STCC Demo Dedicated Server
"Steam App 8730" = GTR Evolution Demo Dedicated Server
"Steam App 8850" = BioShock 2
"SystemRequirementsLab" = System Requirements Lab
"The Sith Lords Restored Content Mod_is1" = TSLRCM 1.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"VTFEdit_is1" = VTFEdit 1.2.5
"Warcraft III" = Warcraft III
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:04:46 | Computer Name = Awesome | Source = Windows Search Service | ID = 3013
Description =

Error - 1/26/2012 19:08:11 | Computer Name = Awesome | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/1/2011 04:17:07 | Computer Name = Awesome | Source = McrMgr | ID = 112
Description =

Error - 7/1/2011 20:24:31 | Computer Name = Awesome | Source = McrMgr | ID = 109
Description =

Error - 7/1/2011 20:34:54 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:36:18 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:37:08 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 20:39:09 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:14:15 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:14:46 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:27:47 | Computer Name = Awesome | Source = Mcx2Svc | ID = 301
Description =

Error - 7/1/2011 23:53:23 | Computer Name = Awesome | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 1/26/2012 18:58:14 | Computer Name = Awesome | Source = Service Control Manager | ID = 7030
Description =

Error - 1/26/2012 19:05:04 | Computer Name = Awesome | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/26/2012 19:05:53 | Computer Name = Awesome | Source = Service Control Manager | ID = 7030
Description =

Error - 1/26/2012 19:08:12 | Computer Name = Awesome | Source = Service Control Manager | ID = 7023
Description =

Error - 1/26/2012 19:08:12 | Computer Name = Awesome | Source = Service Control Manager | ID = 7001
Description =

Error - 1/26/2012 19:08:12 | Computer Name = Awesome | Source = Service Control Manager | ID = 7000
Description =

Error - 1/26/2012 19:08:21 | Computer Name = Awesome | Source = Service Control Manager | ID = 7026
Description =

Error - 1/26/2012 19:08:41 | Computer Name = Awesome | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 1/26/2012 19:11:17 | Computer Name = Awesome | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 1/26/2012 19:15:14 | Computer Name = Awesome | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.


< End of report >

#10
Seran

I also ran TDSS again and I deleted that TDSS file thingy.


#11
RKinner

If you followed the procedure I gave you, then TeaTimer is turned off and it will remain off until we finish, at which time, if you really must, you can turn it back on.


Uninstall
Java™ 6 Update 24
Java™ 6 Update 22
Java™ 6 Update 4
Java™ 6 Update 7 - Get the latest from java.com
DNA
µTorrent



Copy the text in the code box by highlighting it and pressing Ctrl + C


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://radiobar.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 3128
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[2012/01/09 02:32:35 | 000,000,000 | ---D | M] (HotSpot International Community Toolbar) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2012/01/24 17:59:31 | 000,008,431 | ---- | C] () -- C:\ProgramData\22cd857d
[2012/01/23 00:29:52 | 000,000,272 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz
[2012/01/23 00:29:52 | 000,000,168 | ---- | C] () -- C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr
[2012/01/23 00:29:40 | 000,000,336 | ---- | C] () -- C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm
[2012/01/02 02:47:50 | 000,012,630 | -HS- | C] () -- C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config wsearch start= disabled /c
C:\Windows\wininit.ini 
C:\Users\Martin\AppData\Roaming\setvalue.bat 
C:\Users\Martin\AppData\Roaming\GetValue.vbs 

    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

I don't see MBAM's log so:

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Run OTL, Quick Scan, and copy and paste the log into a reply.

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.


Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#12
Seran

========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9 removed from extensions.enabledItems
Prefs.js: {0002ee26-8c11-49eb-9cdf-56eeffef664f}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://radiobar.tool...spx?srch=ku&q=" removed from keyword.URL
Prefs.js: "localhost" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "localhost" removed from network.proxy.backup.gopher
Prefs.js: 3128 removed from network.proxy.backup.gopher_port
Prefs.js: "localhost" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "localhost" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "localhost" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "localhost" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\d69mvsbf.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f} folder moved successfully.
C:\ProgramData\22cd857d moved successfully.
C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZz moved successfully.
C:\Users\Martin\AppData\Local\~AHjs55iiYfoKZzr moved successfully.
C:\Users\Martin\AppData\Local\AHjs55iiYfoKZz moved successfully.
C:\Users\Martin\AppData\Local\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm moved successfully.
C:\ProgramData\xlt745ig3wqn56yo7h712l8rwidbr1xs8xcjm moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
< sc config wsearch start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Martin\Desktop\cmd.bat deleted successfully.
C:\Users\Martin\Desktop\cmd.txt deleted successfully.
C:\Windows\wininit.ini moved successfully.
C:\Users\Martin\AppData\Roaming\SetValue.bat moved successfully.
C:\Users\Martin\AppData\Roaming\GetValue.vbs moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: GTA

User: Martin
->Flash cache emptied: 566 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: GTA

User: Martin
->Java cache emptied: 0 bytes

User: Mcx1

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01262012_213037

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#13
Seran

Ok so I did the MBR thing again. Saved the log onto my desktop... this is what I got...

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 17:47:43
-----------------------------
17:47:43.628 OS Version: Windows x64 6.0.6002 Service Pack 2
17:47:43.628 Number of processors: 2 586 0x1706
17:47:43.629 ComputerName: AWESOME UserName: Martin
17:47:44.867 Initialize success
17:50:30.087 AVAST engine defs: 12012602
17:51:39.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
17:51:39.805 Disk 0 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
17:51:39.808 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
17:51:39.811 Disk 1 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
17:51:39.814 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
17:51:39.816 Disk 2 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 3
17:51:39.836 Disk 0 MBR read successfully
17:51:39.839 Disk 0 MBR scan
17:51:39.845 Disk 0 unknown MBR code
17:51:39.851 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
17:51:39.858 Service scanning
17:51:40.644 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:51:40.748 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:51:41.350 Modules scanning
17:51:41.356 Disk 0 trace - called modules:
17:51:41.365 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80047bf2c0]<<spja.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:51:41.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cb84c0]
17:51:41.376 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa800494d580]
17:51:41.381 5 acpi.sys[fffffa6000b7ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa800495c940]
17:51:41.386 \Driver\atapi[0xfffffa80049073c0] -> IRP_MJ_CREATE -> 0xfffffa80047bf2c0
17:51:42.088 AVAST engine scan C:\Windows
17:51:45.329 AVAST engine scan C:\Windows\system32
17:55:39.398 AVAST engine scan C:\Windows\system32\drivers
17:56:03.721 AVAST engine scan C:\Users\Martin
18:13:41.995 AVAST engine scan C:\ProgramData
18:28:42.205 Scan finished successfully
18:29:20.119 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
18:29:20.128 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-26 21:45:24
-----------------------------
21:45:24.080 OS Version: Windows x64 6.0.6002 Service Pack 2
21:45:24.081 Number of processors: 2 586 0x1706
21:45:24.081 ComputerName: AWESOME UserName: Martin
21:45:25.250 Initialize success
21:45:34.657 AVAST engine defs: 12012602
21:45:49.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
21:45:49.871 Disk 0 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
21:45:49.875 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
21:45:49.877 Disk 1 Vendor: ST3250310NS SN04 Size: 238474MB BusType: 3
21:45:49.880 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
21:45:49.883 Disk 2 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 3
21:45:49.954 Disk 0 MBR read successfully
21:45:49.958 Disk 0 MBR scan
21:45:49.963 Disk 0 unknown MBR code
21:45:50.020 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
21:45:50.028 Service scanning
21:45:51.496 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:45:51.614 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:45:52.547 Modules scanning
21:45:52.553 Disk 0 trace - called modules:
21:45:52.577 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80047a82c0]<<spoi.sys ataport.SYS pciide.sys
21:45:52.582 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9e790]
21:45:52.587 3 CLASSPNP.SYS[fffffa60011d0c33] -> nt!IofCallDriver -> [0xfffffa8004977760]
21:45:52.592 5 acpi.sys[fffffa6000b77fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa800497e940]
21:45:52.597 \Driver\atapi[0xfffffa8004950ae0] -> IRP_MJ_CREATE -> 0xfffffa80047a82c0
21:45:53.418 AVAST engine scan C:\Windows
21:45:59.067 AVAST engine scan C:\Windows\system32
21:50:59.372 AVAST engine scan C:\Windows\system32\drivers
21:51:29.593 AVAST engine scan C:\Users\Martin
22:08:20.547 AVAST engine scan C:\ProgramData
22:20:49.379 Scan finished successfully
22:22:46.299 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
22:22:46.315 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"


And yes, Teatimer is not on.

#14
Seran

Oh wait, sorry, I dled the wrong one. Hold on, I'll get the right MBW

#15
Seran

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: AWESOME [administrator]

Protection: Enabled

1/26/2012 22:26:54
mbam-log-2012-01-26 (22-26-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232812
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)