suddenly choppy sound and FPS drops drastically [Closed] [Solved]



#1
Pizzatrooper
New Member • Member • 8 posts
Hey my name is Adam, and I have been having this issue for quite a while now and I just can't seem to find anyone who can help me with it. This site does look promising though, so here we go!

The issue is that my computer all of a sudden just starts getting super laggy. The sound goes very distorted and choppy and the entire computer slows right down. It doesn't always happen and it sometimes happens 5 minutes after booting up or sometimes I can play a game for a couple hours and nothing ever happens. I've been running regular scans and only until recently has anything found anything.

I've been using Avast Free for a while, and because I couldn't ever detect any viruses I thought that some hardware may just be damaged, but it has been going on pretty much since I bought it. I did not assemble this PC myself; I bought it from Future Shop. I did install a new graphics card but I know I didn't screw anything up while doing that. I'm hoping someone can pinpoint the issue for me or maybe if anyone knows of something like this happening and knows how to fix it. I've been to a couple other sites and no one can tell me what's happening and seems baffled by it.


I ran a scan with Avast and it says I have some trojans, worms, Rtks, and drp. They are in the processes 3068 (mbamservice.exe), in memory blocks. I would post the results in more detail but I am not sure how to create a report file with Avast.

I also ran a scan with OTL and I will attach the report files to this post. I looked through and I'm not sure what I'm looking for exactly; I didn't see anything jumping out at me reading through it.

I once tried disabling the sound from the boot menu before Windows started up and then I didn't seem to run into any problems, but that may have just been coincidence.

Feel free to ask any questions regarding this issue and I'll get back to you as soon as I can. Thanks in advance for any help that can be offered :)

*Edit* 21/05/12 I am currently running a scan with Outpost Security and it is picking up some threats. Well, more than just a couple. 37 and it seems to be almost finished. I will post the results once it has finished.

Edited by Pizzatrooper, 21 May 2012 - 01:03 PM.



#2
CompCav
Member 5k • Expert • 12,448 posts
Hi, Pizzatrooper! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Since it has been a little while we need to update the OTL scan and do an aswMBR scan.

You mentioned a graphics card update, what did you have before, what do you have now, and when did you install the new card?

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt
  • Post the log


Step 3.

Please post:

aswMBR log
OTL.txt


Give me an update on your computer's issues.

#3
CompCav
Member 5k • Expert • 12,448 posts
Posting allows me to see the log better so I am posting your Extras.txt ;)


OTL Extras logfile created on: 20/05/2012 3:45:41 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\O(wner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.17 Gb Available Physical Memory | 64.65% Memory free
16.00 Gb Paging File | 13.82 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 99.99 Gb Free Space | 10.91% Space Free | Partition Type: NTFS
Drive D: | 1.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: O(wner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


"{9163BAC6-51EB-4904-9D1E-31FF9EDCDC8E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9398DC7C-F5EB-44B4-B302-38A21F9B1D54}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94DCAEC8-4EC5-4076-954D-D90CC3B2265A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{9680131C-BB99-4787-A412-526162770466}" = protocol=17 | dir=in | app=c:\users\o(wner\appdata\local\akamai\netsession_win.exe |
"{98087AF2-1296-47FC-8937-C1B3B4CA9BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{986BE414-81C3-4A5C-B1A0-0961A5DDD41D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{9A809C71-2EDC-45C6-933E-4922E1806AAD}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{9BA762F5-7708-4C74-BC10-3C8E82FC335B}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{9CE0D00E-CB80-4986-B2E2-5ECC32ADF9F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol_demo.exe |
"{9D096EE3-6752-4FE3-975E-312C6A9BC894}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{9DCE330C-FC80-4329-883C-D7A59837E3F9}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{9E0FB927-ED53-486A-8B23-7CB94ED4009C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{A0017C3E-D5FE-4FC4-8179-977161411D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{A2537E53-875C-4EF1-A9EE-2DD6C206A57A}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\client\tera.exe |
"{A2DCBA38-1894-4042-A962-981C63802071}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2 demo\bin\supreme commander 2 demo.exe |
"{A329F9FC-4378-4DDA-9AB0-1E1DC6BE31B6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{A5A986DB-E2E3-4897-87DD-83438477A4A4}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\client\tera.exe |
"{A6893EA8-0D9E-4A97-AEC8-ED3822B7B705}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A6BAEBC6-C4BF-4DA0-99C0-ADFB7A89D987}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{AB38FA66-AE0C-4BFC-8EC0-9AAD14D3AAC7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{AC49C572-CF1D-4118-A57C-99F00AD22938}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{ACEC8D95-40E7-4BD5-A0A3-5B0C9FE3C69C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AE8885ED-963D-40E1-902D-B1270E40B649}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\web\acrlauncher.exe |
"{AEAF8CEC-9C6F-4C7E-BE4B-BC2742743324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\pirates, vikings, and knights ii\hl2.exe |
"{AFD949FF-72FF-4FD9-8375-9E8BEF74B5FF}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\alpha protocol\binaries\apgame.exe |
"{AFF2C0C6-E87A-47BC-9FE5-0A9A4CA2F361}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B09F5A56-618C-45BD-893B-3E5AE3A457FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B339636B-EDA7-4FFA-9C9C-E11B0CEED23D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpupdater.exe |
"{B408FD6F-F5C7-448B-B5F5-FCC15E2095C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{B5A70501-B4EE-4587-9F41-59C545CF128E}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{B6BF96F7-83E8-4488-9DA6-548C38CCDFB3}" = protocol=17 | dir=out | app=c:\program files (x86)\tera\tera-launcher.exe |
"{B74CC21F-C5FB-430F-A621-AEE2C271B88D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9A7E34F-CB91-4CF7-B1C4-EC4931F62FAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAA61973-184E-4F10-A019-BB19E35F56B7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB61D46D-6ACE-428D-B2F8-7EC55627A87E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\forsaken world\patcher.exe |
"{BC635C83-BFAD-4E68-BE11-E7BF0E275387}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{BE180BDA-51D2-4D1F-8219-DE979BEC1903}" = dir=in | app=c:\program files (x86)\acr\autoclubrev\bin\acr.exe |
"{BE45B4B4-6DDF-42E1-AA87-C24E94A3CDBC}" = dir=in | app=%programfiles% (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{C12A97B2-2E1C-44E5-9FB4-DAFBD9D6CA87}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C1CA7992-58DC-49EA-8F22-06269AD389DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\support\ea help\electronic_arts_technical_support.htm |
"{C20FEB23-03B1-49E1-AC69-E6BB5C2FFDBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3DB5F2D-C308-4133-82C8-FE78E043B2E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\counter-strike source\hl2.exe |
"{C585902A-1F82-4A84-A418-25A5E6A9CDE4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{C721DD40-4460-494C-8381-356E103F4A26}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |
"{C72ACC49-D82D-4B69-83C6-865E798928AD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{C7D59E19-0DEE-42BB-AB72-4BF524EEC195}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C8D8BFD2-6755-4271-A6E8-D560A1D1BB96}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\_temple of zakarum\pandemonium\game.exe |
"{CB3BF741-FC28-493B-9BDC-6871073191F2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\support\ea help\electronic_arts_technical_support.htm |
"{CD4DBA3F-D991-4F91-B5C4-E39CD851E126}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{CE458C99-1305-4279-BA3F-0844F1A5F6ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{D00097CB-D876-4CE3-9B14-9FEF443D906D}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{D167380B-4F15-4053-9EDD-317A773AEBF5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1C1B08D-9264-4101-87F8-56F40C5A5C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D1EE52FC-03A6-4626-B90D-0DD5567F8989}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{D212AB09-747A-4329-A6F2-5A2588EDEE89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{D2BF4AC8-6B71-4189-8A94-948453DA49F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\eve online\eve.exe |
"{D4BB8310-7B0B-443A-A1FB-75434F7C6628}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\steamlauncher.exe |
"{DB980E2B-C768-456A-A7EC-032AF332D095}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DD28B502-1EC0-4389-9E7D-ED1BE0969C9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{DD7860CC-3B17-41CE-B565-F4B63F44125E}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"{DEE40872-3CD9-48CF-AB45-99210A93D15B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2 demo\bin\supreme commander 2 demo.exe |
"{E0E3810E-F1C1-42BB-919F-36F63F3753F3}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{E27E7EC3-08A7-4D3B-BD10-3708ADC22918}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore english trailer\smp.exe |
"{E2F2AB4C-166D-4CEE-BB29-E5A06713649E}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{E6CF378B-9356-47C2-945B-FFC7F31DF269}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E73B672C-E540-4498-8091-0D65D5FC7A85}" = protocol=6 | dir=out | app=c:\program files (x86)\tera\client\tl.exe |
"{E79D8259-D72A-49BA-A196-763C6F18634E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{EF36CCC7-8F66-42D3-89A8-BE3689A6CBF9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F0BD7973-99B0-4B61-A9EA-F5090DE4E7EC}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{F26D15E6-DAB5-4B4B-AEF5-2CBA6D2229FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F411DFC9-8250-43EF-AAEF-9D5BD71C722C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pandorasaga\steamintegrator.exe |
"{F73DB7AD-27BD-4FB7-9EC6-663763378513}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{F791D923-70C7-4DCD-BCB3-97D6B3D93623}" = protocol=1 | dir=out | [email protected],-28544 |
"{F9736920-A280-4148-85BC-072807EC21B7}" = protocol=6 | dir=in | app=c:\program files (x86)\tera\client\tl.exe |
"{FA73D3C8-E38D-433A-ADE5-867DE0376E62}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{FB2ABFB3-4387-4EA8-A82B-ACD39196D190}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\insurgency dedicated server\srcds.exe |
"{FB727C2A-8B17-4EBA-869B-37F751A7AEE7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{FC4D04D8-41F5-413E-A1E1-1FE053D5639F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe |
"{FD703B0B-7E4D-4301-8854-0313B1EA5E31}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds ii\twoworlds2.exe |
"{FF52485B-3EC9-4550-9E19-1F73874B3476}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{FF7331E4-9A5B-4662-A0DA-04788170215F}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{FFD1EDA0-E669-4401-9EE3-F1CAB340E06B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\_temple of zakarum\pandemonium\diablo ii.exe |
"TCP Query User{05C51226-D7E1-4B4B-BA12-5B9B0EF13965}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"TCP Query User{0AC4F407-572B-41AC-87F5-E22D8A757556}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{0C97098E-41E1-43B3-AB75-CEA0FA7EE48D}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{0E6DAF5C-5C38-46DD-BCE0-DBBEFAFCE490}C:\users\public\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe |
"TCP Query User{103FB6BD-4C0F-40D2-8D3B-9A6CA6A2947F}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{112888B6-F867-489F-8A16-978A9179276F}C:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe |
"TCP Query User{11604F36-1279-4989-B446-8A8F431271ED}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"TCP Query User{11929368-7A22-4C40-849C-AF14D4459B6C}C:\users\o(wner\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\o(wner\program files (x86)\dna\btdna.exe |
"TCP Query User{11A044A8-7DD9-4C13-8074-893EE4B12DFA}C:\users\public\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe |
"TCP Query User{129A00AC-9512-4D81-A5AD-68AC8FBB117E}C:\users\o(wner\downloads\announce_trailer_en_us.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\announce_trailer_en_us.exe |
"TCP Query User{12D6E598-DC09-4C5A-A02E-BD9757480861}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |
"TCP Query User{18AEB457-3149-46B0-A724-C5AD36231826}C:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe |
"TCP Query User{1AB793F8-2587-48C8-BA66-8F708E518365}C:\users\o(wner\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\redsn0w_win_0.9.10b2\redsn0w.exe |
"TCP Query User{1ABCDA03-EDE8-4610-A112-E523D80A0F88}C:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe |
"TCP Query User{1E693369-A5ED-44B4-B11F-935D34A9E83F}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{1F6E1128-694B-4F6A-A1FE-17A159FB3821}C:\users\o(wner\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"TCP Query User{23E51B6A-66DB-4221-A302-7C4F12C96BDF}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{26BC3D09-8D05-4276-B8CE-FCDF64C93972}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{26CF3744-E755-4603-A6B7-5D1092E8334A}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{2ACCF4F5-EAF8-477A-B51A-D987107922C7}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"TCP Query User{2BEF72FC-C655-4B8A-AC46-CB61EBAB26B2}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"TCP Query User{2FE6FB19-74BE-478A-A95E-5C2EA527D34B}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |
"TCP Query User{3775CADB-B3FF-42EF-B7CC-1B179B86738A}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"TCP Query User{37B06C87-5A22-4443-9DE8-E1E35C55133D}C:\users\public\games\world of warcraft public test\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\blizzard downloader.exe |
"TCP Query User{38A57233-5E57-4259-BCE0-BD879242258A}C:\program files (x86)\realtime worlds\apb north america\binaries\apb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realtime worlds\apb north america\binaries\apb.exe |
"TCP Query User{39400BA6-69B4-463A-A5B2-663583F931A7}C:\program files (x86)\steam\steamapps\flashkillers\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\team fortress 2 beta\hl2.exe |
"TCP Query User{3A9D0FD3-0A27-468A-B375-E0B727A2C1B1}C:\users\o(wner\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\tinyumbrella-4.21.01.exe |
"TCP Query User{460D570A-D465-42A0-9D7F-90BE68D892DE}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"TCP Query User{46B1D144-75F3-4F50-A804-0594611276CA}C:\users\o(wner\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\o(wner\appdata\local\akamai\netsession_win.exe |
"TCP Query User{4953AFB3-8FE7-4E39-8DED-86C2D07813C2}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{4A00D5BB-F238-4D11-83CB-162D3C0AF0CB}C:\users\o(wner\downloads\sc2_teaser_1080p.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\sc2_teaser_1080p.exe |
"TCP Query User{54CAC502-D9FE-4FC2-8799-C1A8EFF23463}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"TCP Query User{5564D42F-E1AD-421F-A578-040621B43EDF}C:\program files (x86)\starcraft ii beta\versions\base14093\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14093\sc2.exe |
"TCP Query User{556E077A-35C4-4CF7-8C8C-6C96F8C047F8}C:\program files (x86)\outspark\divine souls\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\outspark\divine souls\client.exe |
"TCP Query User{55816B10-0B1A-413D-A453-85643F8023CC}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{5873F4BF-196F-49E8-BDFC-6A802C9CE49D}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{5881D9B8-9108-445E-B6BC-8B2CDC099BCF}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"TCP Query User{58822CEC-54C0-4E16-B534-484F76F76F6A}C:\users\o(wner\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\o(wner\program files (x86)\dna\btdna.exe |
"TCP Query User{58B37BC7-BD64-41DC-A834-3057C41B7C15}C:\games\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\games\dead space\dead space.exe |
"TCP Query User{5B4E5273-B08B-4617-A1D7-C1EFF903723F}C:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe |
"TCP Query User{5B6EABCF-3A78-42B7-A42D-7E18F28C862F}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{5D4C1194-1133-408A-9013-79B31E302A4A}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{61014D11-BD05-4A2D-99CB-CED800FE5346}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"TCP Query User{647A243C-01FE-4AA2-BFDF-3B3DFB2CE618}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{656924CC-E88A-424E-88D9-8400E0AAE53B}C:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{6739B11E-317F-40C0-8A96-30FDB00ABAEA}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{67BF2C45-C5D3-48C1-97CF-C7054CEA61D2}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{6942915E-8D09-4895-B381-CB0607BE34EA}C:\users\o(wner\downloads\tinyumbrella-4.21.02.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\tinyumbrella-4.21.02.exe |
"TCP Query User{6B2F1F20-2092-46EE-8A1A-35E63545DB42}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{77D7A54F-AEE1-4091-A26D-E2DD053B5A37}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"TCP Query User{78065A04-22CE-472E-A5EA-83B449347B3E}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{7AC5722B-32A1-4F58-8078-F9CAA2877A9D}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{7AD0A1FA-3349-4EE5-AD05-A2A514E8A39B}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{80A9D690-E63E-41D9-8610-8E1F8683D0A2}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"TCP Query User{81033140-B888-4407-BB1B-B4362C23E1F3}C:\program files (x86)\mta san andreas\server\mta server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mta san andreas\server\mta server.exe |
"TCP Query User{81929F82-0295-440C-8DC5-90392685599A}C:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe |
"TCP Query User{842BDED6-1220-41F2-B30B-81E0C86050D3}C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"TCP Query User{8487B7C0-E218-4D1F-842C-CC457E9015FB}C:\users\public\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft public test\launcher.exe |
"TCP Query User{891FB944-DDCB-4254-85C1-816BDC7CF5CC}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{8BBA0481-36B9-4FFC-802B-29058EA9E426}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{8D4D1F99-E7D0-412C-9479-C07E62339F14}C:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"TCP Query User{8E6BA382-6CCB-4F8B-8BB2-C63C4CB86447}C:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe |
"TCP Query User{90402E6A-EC58-4957-AAE2-75DDC174139F}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{90C9B736-BB78-4A08-A4FB-AF8195FD1D77}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"TCP Query User{90EF2605-46A7-4CE8-871C-5F439B90F3EB}C:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe |
"TCP Query User{98D5CA58-56F0-4EF4-AC97-816B97FC3067}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{98ED3C36-8A70-4252-B37A-B1A13C7B4DE3}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{9ECEE8A9-A9DC-4AF2-96C2-1B54AA4896EB}C:\users\public\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe |
"TCP Query User{A4600CEA-863E-4AFB-94F8-30605E2CF7D5}C:\program files (x86)\microsoft games\freelancer\exe2\freelancer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe2\freelancer.exe |
"TCP Query User{A65D7D6B-8F22-4552-BE93-D0C401C9B2EC}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{A8AAEE0A-8626-455F-B4D1-9B7C8390C665}C:\program files (x86)\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"TCP Query User{AC44A20B-EA9F-470D-9F56-7FB7600E1E32}C:\games\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\games\dead space\dead space.exe |
"TCP Query User{B199FE64-F9DC-4504-9001-37585D98EC7B}C:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe |
"TCP Query User{B66373D1-48A7-46AB-B441-583742842D87}C:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe |
"TCP Query User{B8CE7A84-0219-4B2F-A4C8-677DF953842A}C:\Program Files (x86)\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
"TCP Query User{BC93D989-2A2D-4E0E-A7ED-F8311C1C6794}C:\users\public\games\world of warcraft public test\wow-0.3.5.12196-to-0.3.5.12213-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12196-to-0.3.5.12213-enus-ptr-downloader.exe |
"TCP Query User{BCE65B30-5431-448E-822E-7C3B94E032D9}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"TCP Query User{BE46A73B-730D-4316-B32D-0FF5BEB50745}C:\program files (x86)\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"TCP Query User{BE788E2B-03A4-4D6F-92EA-5E1912B45CB5}C:\program files\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{BF4859CC-9CF0-4B0B-B36E-DBF72A52DC9E}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{C5B5952F-88AD-4541-8589-445C14904A9C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{CAD05BF6-5DFA-40C3-9063-9B9578F3716E}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"TCP Query User{CB3C2E17-02EE-4A88-8A39-988C1AD12FC2}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{CE1046B1-28A8-4788-8FD3-6AE81B80216B}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{D13AD30B-C3DF-4CDB-B189-FD49B61F5DB6}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{D1E7A500-1115-4D48-807D-2C62D5248AAE}C:\users\o(wner\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe |
"TCP Query User{D27B4623-B7B9-499B-92F7-38F1DD3751F4}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{D5BFA5CD-7CB8-407A-814B-FA725254ED0B}C:\program files (x86)\steam\steamapps\flashkillers\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\team fortress 2\hl2.exe |
"TCP Query User{D9E10EA3-7CC0-475D-94C9-D946CD56FFFE}C:\users\o(wner\downloads\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\anarchyonline_18.1.1-large.exe |
"TCP Query User{E07C4107-4BAD-4C51-8AC0-A1239D2030D8}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe |
"TCP Query User{E08D498D-F712-4454-9F0C-9580615DF00D}C:\users\o(wner\downloads\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\o(wner\downloads\starcraft_2_na_en-us.exe |
"TCP Query User{E0926E27-84D3-4112-8A77-7A6EFB3D1CC4}C:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{E3F7D70F-2BBE-4A0C-A1AF-0718F9731310}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{EB431ED7-A3D5-46CD-8442-D4DBDE7C6368}C:\program files (x86)\steam\steamapps\flashkillers\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\insurgency\hl2.exe |
"TCP Query User{EDE5055E-5545-44D9-9D63-26DF93E89943}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"TCP Query User{EF0D09D8-2CCE-41EE-AC86-BF6D1D373618}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"TCP Query User{EFCCD981-A58A-4E56-813E-09A7D25804CC}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{F0601AEE-DB29-49C4-AA05-33117EDA08CE}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"TCP Query User{F66AEA49-FB7E-4B9A-9374-A4F3F9CFEECB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{F6D92DD9-7F42-4C6C-B8E9-C561DCC34A8F}C:\users\public\games\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe |
"TCP Query User{F7CF6CB7-F6B4-4738-8EED-ACB7C029B1A6}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{F99A42CD-68DE-409E-8649-C7E9D32FAFB8}C:\program files\world of warcraft\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"TCP Query User{FCBBC7A6-C496-40F1-AC7F-FF93D7042A3F}C:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{FE894FE8-71DF-4CEE-81AF-9ADDC50ECB58}C:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"UDP Query User{01F76AC2-8C70-4622-A95F-10443D79D1C7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{026F0501-8F88-48FF-8A50-A5A6DBE82A7A}C:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{06C4EFFD-C99D-452D-AE53-EF607AE7121E}C:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crimecraft\binaries\crimecraft.exe |
"UDP Query User{07E22CE5-44DD-47B4-8FD7-0F6CB4D2F718}C:\program files (x86)\steam\steamapps\flashkillers\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\team fortress 2 beta\hl2.exe |
"UDP Query User{083753A6-FB82-438E-93E1-8919150DD2ED}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{0967A9F0-975D-4E86-951E-751034CF3E4B}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{0E5DC837-1558-4399-91BC-80C2AB851A95}C:\games\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{0EB14DA6-C701-42A4-984A-2643F88F179B}C:\games\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\games\dead space\dead space.exe |
"UDP Query User{15E37F33-1E3D-4A1F-8C18-3179E3E8CAD3}C:\users\public\games\world of warcraft public test\wow-0.3.5.12196-to-0.3.5.12213-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12196-to-0.3.5.12213-enus-ptr-downloader.exe |
"UDP Query User{1731FD12-DDC5-43F8-9DAA-FCDD9728C91A}C:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe |
"UDP Query User{186A1F39-CC3B-4154-BCBD-026E6B87C5A6}C:\program files (x86)\funcom\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconandx10.exe |
"UDP Query User{1B239CD3-C645-4176-9A8E-71275601AF38}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{1BA0A30A-A6E2-4D02-8FFD-84A62BE678FD}C:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{1D935C28-5DD8-4C64-9857-4386E7EEE0AB}C:\program files (x86)\mta san andreas\server\mta server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mta san andreas\server\mta server.exe |
"UDP Query User{1E4F1D0B-6270-4ED2-A862-9F34301A7A5C}C:\users\o(wner\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\ptr-installer-4.0.0.12824-enus-downloader.exe |
"UDP Query User{1FBD6A9E-4E28-40A9-BDA2-DA69B473EC8A}C:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"UDP Query User{23AD522F-742A-4305-8EB9-3DA73682625E}C:\users\public\games\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\temp\wow-4.0.0.1852-to-4.0.0.1989-enus-ptr-tools-downloader.exe |
"UDP Query User{28D6911E-3065-4451-9D21-10A395A95775}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{29036A2E-C9EC-4154-96C2-E803C4521A9C}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{29C37959-9EF5-46FA-93DC-9BE00BF0F94C}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{35E22BF4-E41F-4FC3-9A9F-9AEB8E8F5374}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{37892645-E76F-4C1D-86E1-BF153772860D}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{4225665F-65BE-47A1-8F88-9825C5D52D48}C:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\transformers - war for cybertron\binaries\twfc.exe |
"UDP Query User{43E1BEFF-4DD7-4412-A5F0-953226DC9AFD}C:\program files (x86)\atari\tdu2 demo\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\uplauncher.exe |
"UDP Query User{45BDBEA3-04D7-46F7-BDF9-55BE96A6976E}C:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\champions online\champions online\live\gameclient.exe |
"UDP Query User{4606473C-553B-419A-88DC-3A985D147BB1}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"UDP Query User{4B0B6723-E526-4FE3-867A-5F388FB53FCA}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"UDP Query User{4D069B1F-9CBA-43A0-9FCE-29FD8E1EDD89}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{4D6BEBE6-79FD-482A-8618-274CDC1D6B1C}C:\program files (x86)\starcraft ii beta\versions\base14093\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14093\sc2.exe |
"UDP Query User{50F62871-AA3B-40A8-8306-E522FF567CF9}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"UDP Query User{53469296-9319-4EC1-84F9-D8480E80FCF9}C:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe |
"UDP Query User{544AD007-808F-4A94-B0F9-CB7ECC1D5ACD}C:\users\o(wner\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\o(wner\program files (x86)\dna\btdna.exe |
"UDP Query User{56268903-23AC-4B76-AA58-709A0504C8F6}C:\users\o(wner\downloads\tinyumbrella-4.21.02.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\tinyumbrella-4.21.02.exe |
"UDP Query User{565FFF68-C10A-4CA4-A357-E730C5FD26F8}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{58D86B28-CD6C-45E9-8A00-9E800FA51D81}C:\program files (x86)\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left 4 dead 2\left4dead2.exe |
"UDP Query User{5A9A8887-988A-4E12-89B5-38A47439D4B8}C:\program files (x86)\microsoft games\freelancer\exe2\freelancer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\freelancer\exe2\freelancer.exe |
"UDP Query User{5AD53F90-F93E-42D1-8489-ADB76F49E11C}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"UDP Query User{5B26C4C6-99B4-49EA-BD4E-D4B4DE904AB5}C:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe |
"UDP Query User{5B7071F6-3CE4-4DCC-9467-CBF1819E6677}C:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{5B9132E3-3A79-4A68-B5F9-61FCBEA25256}C:\users\o(wner\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\o(wner\appdata\local\akamai\netsession_win.exe |
"UDP Query User{60F4D0E5-8320-492C-8CA1-4D1557243FBE}C:\program files (x86)\atari\tdu2 demo\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\_uplauncher.exe |
"UDP Query User{616AE7DD-ED15-4E9C-9B35-BEDEC9D51773}C:\users\public\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe |
"UDP Query User{67C9461B-6CE1-47B9-9BE9-FF134F1A11D7}C:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe |
"UDP Query User{67D3B844-5ADF-4128-93E4-DD071157C187}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{6A7D9D9C-AFFB-4C4A-99B3-0478569D369F}C:\users\o(wner\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe |
"UDP Query User{6BE19A59-ACFB-45FD-A854-C838C44161FD}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{6D78A48C-5AF7-4645-BC6A-24C02EE3D563}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{6E2E1A65-E826-41BF-B2AC-5BD869A5DC7E}C:\games\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\games\dead space\dead space.exe |
"UDP Query User{705E6500-B19C-44F9-AD35-6647DE2FAD79}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{74315C5B-CCF1-48AD-A537-238CC5001969}C:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{7464442A-3202-40FE-A938-9255795EB366}C:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"UDP Query User{761CE0FE-625C-4324-B664-DC398D614091}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe |
"UDP Query User{7912E6D7-8FC8-4F67-B08D-0FE69CF135FF}C:\users\o(wner\downloads\announce_trailer_en_us.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\announce_trailer_en_us.exe |
"UDP Query User{79740285-5524-4E41-841B-0ACB7F682FA5}C:\users\o(wner\downloads\sc2_teaser_1080p.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\sc2_teaser_1080p.exe |
"UDP Query User{7B354E87-A31E-40C7-B74A-9A60B1D76826}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"UDP Query User{7CA033CF-2164-4455-BA06-FFFD151C5E7E}C:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"UDP Query User{811C1AAA-D16E-46C8-9050-C63D99FC0A85}C:\program files (x86)\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"UDP Query User{8317FDDA-D643-48CE-B317-2B472E287ED0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{850E1AD6-77CD-4FF9-AECB-DE61079CDC1D}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{8A95E9B1-29FB-464A-A9E7-0F8B126AAD25}C:\users\public\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft public test\launcher.exe |
"UDP Query User{8C6CD1EF-72CD-4650-B5F5-98D205076E01}C:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe |
"UDP Query User{8D1806E0-D7AE-43A0-82D2-7970071D1C05}C:\users\public\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe |
"UDP Query User{90BD6964-4559-485B-9B46-0A010F7978B2}C:\program files (x86)\atari\tdu2 demo\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\tdu2 demo\testdrive2.exe |
"UDP Query User{94A7C2B7-C2D7-4B26-B735-4FCB7E3DC7CD}C:\users\public\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe |
"UDP Query User{97E4BD8C-0A34-455B-9F9F-E6EE2C00F10B}C:\users\o(wner\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\redsn0w_win_0.9.10b2\redsn0w.exe |
"UDP Query User{98B70677-51F9-4CE0-9C10-C9842DFDF88E}C:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe |
"UDP Query User{990FB898-0E16-4627-8752-79E67A26A0EC}C:\Program Files (x86)\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead island\deadislandgame.exe |
"UDP Query User{9C5EC4AB-D03E-48D1-9E19-23DD64564D80}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{A2F396E1-3392-4558-AFC5-493E37583973}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{AFF60530-A999-4B81-8048-29BB1E76179A}C:\program files (x86)\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\saints row 2\sr2_pc.exe |
"UDP Query User{B150A904-755C-4608-98F5-6F0B1788A023}C:\program files\world of warcraft\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |
"UDP Query User{B2068664-EE51-4F8C-B6E4-7293880C14B2}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe |
"UDP Query User{B263B429-3B94-43F1-810C-865E62FD74FF}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{B4D70C6D-6738-4013-8B02-52E372C6BE3E}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{B52E002F-BB2D-4285-9D66-CE09E8A305D3}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{BAC8C4AC-AF91-4A93-8986-6320584AC9F9}C:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{BBAC7991-4ADE-475D-8C27-4BF16CBB0F4C}C:\program files (x86)\steam\steamapps\flashkillers\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\team fortress 2\hl2.exe |
"UDP Query User{BCE21901-3C7B-45A6-9E93-F313338B8EAE}C:\users\public\games\world of warcraft public test\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\blizzard downloader.exe |
"UDP Query User{BDDFE2CD-8B5D-4333-9665-32ABAA608B3A}C:\program files (x86)\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\portal 2\portal2.exe |
"UDP Query User{C1DF6FC6-8371-4E61-909F-921B45076071}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{C655DFB6-CCFD-4889-B74F-F4ECD494D5A0}C:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe |
"UDP Query User{CAEACF9C-1FBB-4151-B1C2-B83A6334F473}C:\users\o(wner\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\o(wner\program files (x86)\dna\btdna.exe |
"UDP Query User{CBDECF7F-8AF1-4302-9E11-840B9457984A}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{D9620C00-2B93-4322-86E9-666383C2151B}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{D9FDE7F5-5F3D-47BD-AA27-7F2B41ACA26A}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{DE20B445-68C5-44ED-997F-CFE0EF3BE589}C:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe |
"UDP Query User{DFE3C9F6-AF69-4E39-9857-2E6789F8CD64}C:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{E0D70652-5C92-46B3-8478-B57F2C3507F0}C:\program files\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{E1219C03-8043-4D71-A5C3-EFCB362CB068}C:\users\o(wner\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\tinyumbrella-4.21.01.exe |
"UDP Query User{E13D3E48-6C54-4AD0-AF34-98078722F23F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{E22FF550-C07E-4BE1-893B-431EDB2D4ED7}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{E4931420-8D75-486F-A8FF-023D3E4CDC7B}C:\program files (x86)\outspark\divine souls\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\outspark\divine souls\client.exe |
"UDP Query User{E6557CEB-4E16-49C0-90CD-DAACC560E5C8}C:\users\o(wner\downloads\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\starcraft_2_na_en-us.exe |
"UDP Query User{E99A5EFE-7FE2-470D-9298-EFFD38098730}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{EA5C7984-34CF-4DCC-9E44-BABDEFB3022C}C:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12340-x86-win-enus-bkgnd-downloader.exe |
"UDP Query User{F18CD93B-61B1-4F2D-AEA6-2D75BE4E0877}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{F23F7E5A-CE05-4A9A-B9B9-B387C1AB75FB}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{F3E0E991-E81A-4FA9-9692-97B3932A13A3}C:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor mp beta\mohmpgame.exe |
"UDP Query User{F4ECABB2-4694-4DBE-B8B8-E69313C43804}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"UDP Query User{F72C751B-7E36-4293-9D01-33820B1CD9BB}C:\program files (x86)\steam\steamapps\flashkillers\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\flashkillers\insurgency\hl2.exe |
"UDP Query User{F946F52E-DE98-4642-9073-AF69FD9758DF}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{FA337DF9-47D1-43F3-9CE2-CAB699435DC1}C:\program files (x86)\realtime worlds\apb north america\binaries\apb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realtime worlds\apb north america\binaries\apb.exe |
"UDP Query User{FED228C5-213D-49FE-8D1D-F778556BEA91}C:\users\o(wner\downloads\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=c:\users\o(wner\downloads\anarchyonline_18.1.1-large.exe |
"UDP Query User{FF9E3525-5ADE-4A2F-BCFD-AFF2F9BFFDBA}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A7CA92E-C518-9C36-3105-B087DCE86887}" = ccc-utility64
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel® Network Connections 14.8.43.0
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0F82F47A-52CD-49C8-8960-404FF6487C7C}" = Path of Exile
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{14E94112-5F6B-4049-B177-4C7E69D3C3A0}_is1" = Dragonica Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks Closed Beta v.0.5.4.1
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Activision®
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF001}" = Global Agenda Live
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3CDC9034-9505-BABE-215A-3250EC111E5E}" = Catalyst Control Center HydraVision Full
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A25BF3A-5AA3-62F8-7AE1-412107673F42}" = Catalyst Control Center Graphics Light
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{82442D8F-A2B7-4038-A62E-3DDC75215AAA}" = Catalyst Control Center Core Implementation
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87D00EFA-985C-DFEF-0FE1-92AB2EC328C9}" = Catalyst Control Center Graphics Previews Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD970EF-2149-4775-B0A1-69B06945868D}" = Panda Global Protection 2010
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B0C539DC-FFA1-75FD-5FDF-4D1B766A527D}" = Catalyst Control Center Graphics Full New
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B32FBC93-9E8B-4FDB-B927-840F998B4196}" = SWWT Mod Client Version 1.4
"{B3406FEC-334B-4487-ADE0-2A36A549FB9F}" = ToZ - Pandemonium 2.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DA94DBCB-FA7B-7746-DDDE-1173F06D633A}" = Catalyst Control Center Graphics Full Existing
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE51FC86-7F89-D281-FCB1-A78BFE0C9044}" = ccc-core-static
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EB1F288D-4835-6D99-B9F4-09983AA60B17}" = Catalyst Control Center Graphics Previews Common
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0AB2BE7-1C66-B4FE-DA8C-127CE781E893}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F9448646-B1A1-46F4-82E1-8304AFEABD5F}" = Panda Global Protection 2010
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.06.00.8025
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Anarchy Online_is1" = Anarchy Online
"APB Reloaded" = APB Reloaded
"avast" = avast! Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BearShare" = BearShare
"CCleaner" = CCleaner
"Crossfire" = Crossfire1.9 (remove only)
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista" = Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista
"Entropia Universe" = Entropia Universe
"ESN Sonar" = ESN Sonar
"Fallout New Vegas_is1" = Fallout New Vegas
"FAM" = FAM 1.0.0.0
"Freelancer 1.0" = Freelancer
"FrostWire" = FrostWire 4.21.6
"GamersFirst LIVE!" = GamersFirst LIVE!
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2A96D655-4FEF-4512-9468-0AABA70CD389}" = Transformers™ - War for Cybertron™
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"KitsuSaga" = KitsuSaga
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"LimeWire" = LimeWire 5.5.16
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA" = MTA:SA v1.0.4
"Nehrim - At Fate's Edge_is1" = NehrimUninstaller
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"Origin" = Origin
"Plants vs. Zombies" = Plants vs. Zombies
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Rockstar Games Social Club" = Rockstar Games Social Club
"ST6UNST #1" = Hero Editor V1.03
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StarCraft II" = StarCraft II
"Steam App 102800" = Darkspore Beta
"Steam App 104700" = Super Monday Night Combat
"Steam App 106010" = Pandora Saga: Weapons of Balance
"Steam App 109410" = Brawl Busters
"Steam App 12910" = Audiosurf Demo
"Steam App 17520" = Synergy
"Steam App 17530" = D.I.P.R.I.P. Warm Up
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 17700" = Insurgency
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 33310" = R.U.S.E. Free Week End
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35150" = Lara Croft and the Guardian of Light Demo
"Steam App 36620" = Forsaken World
"Steam App 38830" = Crimecraft: BLEEDOUT
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 520" = Team Fortress 2 Beta
"Steam App 630" = Alien Swarm
"Steam App 8510" = EVE Online Demo
"Steam App 99900" = Spiral Knights
"Test Drive Unlimited 2 Demo_is1" = Test Drive Unlimited 2 Demo
"TmNationsForever_is1" = TmNationsForever
"Two Worlds II" = Two Worlds II
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
"ZillaTube" = ZillaTube 4.7.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"090215de958f1060" = Curse Client
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"Crossfire 1.9" = Crossfire 1.9
"SOE-Pirates of the Burning Sea (English)" = Pirates of the Burning Sea (English)
"Star Wars Movie Duels 2" = Star Wars Movie Duels 2
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2011 12:16:52 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22589007

Error - 01/08/2011 12:16:52 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22589007

Error - 01/08/2011 12:16:53 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/08/2011 12:16:53 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22590006

Error - 01/08/2011 12:16:53 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22590006

Error - 01/08/2011 12:16:54 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/08/2011 12:16:54 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22591004

Error - 01/08/2011 12:16:54 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22591004

Error - 01/08/2011 12:16:55 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/08/2011 12:16:55 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22592002

[ Media Center Events ]
Error - 02/10/2011 9:01:48 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:01:47 PM - Error connecting to the internet. 6:01:47 PM - Unable
to contact server..

[ System Events ]
Error - 20/05/2012 12:58:18 PM | Computer Name = Owner-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 20/05/2012 12:58:18 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 20/05/2012 12:58:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 20/05/2012 2:41:25 PM | Computer Name = Owner-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 20/05/2012 2:41:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 20/05/2012 2:41:35 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 20/05/2012 2:59:31 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:57:21 PM on ?20/?05/?2012 was unexpected.

Error - 20/05/2012 2:59:39 PM | Computer Name = Owner-PC | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 20/05/2012 2:59:39 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 20/05/2012 3:00:06 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

#4
CompCav

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#5
CompCav

User returned.

#6
Pizzatrooper

Hey,

sorry about that, and thank you very much for reopening this topic for me.

Regarding the graphics card update, before I had an ATI Radeon HD 4600 installed and now I have a Gigabyte Nvidia Geforce GTX 550 Ti. I installed this new card two weeks ago. The issues seem to have been unaltered and remain random and quite a nuisance.

I have the aswMBR and the OTL scan logs here.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-28 23:37:48
-----------------------------
23:37:48.205	OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:48.205	Number of processors: 4 586 0x170A
23:37:48.206	ComputerName: OWNER-PC  UserName: O(wner
23:37:51.713	Initialize success
23:41:18.280	AVAST engine defs: 12052800
23:43:49.578	Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:43:49.580	Disk 0 Vendor: ST310005 CC44 Size: 953869MB BusType: 8
23:43:49.583	Disk 0 MBR read successfully
23:43:49.585	Disk 0 MBR scan
23:43:49.589	Disk 0 Windows 7 default MBR code
23:43:49.597	Disk 0 Partition 1 00 	27 Hidden NTFS WinRE NTFS    	15360 MB offset 2048
23:43:49.616	Disk 0 Partition 2 80 (A) 07	HPFS/NTFS NTFS      	100 MB offset 31459328
23:43:49.630	Disk 0 Partition 3 00 	07	HPFS/NTFS NTFS   	938407 MB offset 31664128
23:43:49.661	Disk 0 scanning C:\Windows\system32\drivers
23:44:04.023	Service scanning
23:44:36.548	Modules scanning
23:44:36.555	Disk 0 trace - called modules:
23:44:36.576	ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spuq.sys hal.dll 
23:44:36.907	1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a0c060]
23:44:36.911	3 CLASSPNP.SYS[fffff88001b8843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b8a050]
23:44:45.320	AVAST engine scan C:\Windows
23:44:50.308	AVAST engine scan C:\Windows\system32
23:49:24.163	AVAST engine scan C:\Windows\system32\drivers
23:49:42.012	AVAST engine scan C:\Users\O(wner
00:17:24.403	AVAST engine scan C:\ProgramData
00:25:41.108	Scan finished successfully
12:44:33.005	Disk 0 MBR has been saved successfully to "C:\Users\O(wner\Desktop\MBR.dat"
12:44:33.067	The log file has been saved successfully to "C:\Users\O(wner\Desktop\aswMBR.txt"

OTL logfile created on: 29/05/2012 12:50:37 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 	Folder = C:\Users\O(wner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 67.53% Memory free
16.00 Gb Paging File | 13.13 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 151.00 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive D: | 1.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: OWNER-PC | User Name: O(wner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/20 15:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
PRC - [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/15 22:13:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\O(wner\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/29 18:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 15:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 17:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/18 05:40:34 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/14 16:28:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/14 16:28:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/14 16:28:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 16:28:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 16:28:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 16:27:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/11/19 16:39:03 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/12 17:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 17:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/25 21:04:53 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/19 00:47:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/18 05:40:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 22:13:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/05 13:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 18:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/30 10:08:31 | 003,673,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 13:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 06:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 09:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                       	) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/06/24 15:48:26 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/24 15:42:41 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/29 12:33:14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/20 15:22:54 | 000,289,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/08/09 15:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/04 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 20:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/11/24 17:44:44 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/24 21:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4822&r=173612096106p0315v1m5k48j1r289
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4822&r=173612096106p0315v1m5k48j1r289
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4822&r=173612096106p0315v1m5k48j1r289
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4822&r=173612096106p0315v1m5k48j1r289
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enCA360
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{9B524586-101F-4485-8A48-FA85EBA5AF07}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "WebSearch+"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\O(wner\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\O(wner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 05:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/19 14:40:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\O(wner\Program Files (x86)\DNA
 
[2010/03/28 17:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions
[2010/03/01 21:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/03/28 17:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/13 19:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions
[2010/01/29 01:22:04 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2011/04/18 23:54:10 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2012/05/13 19:50:04 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2009/12/29 12:34:36 | 000,002,055 | ---- | M] () -- C:\Users\O(wner\AppData\Roaming\Mozilla\Firefox\Profiles\ki5slr9j.default\searchplugins\daemon-search.xml
[2012/05/18 05:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/08 19:26:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/05/18 05:40:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/09 23:14:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/30 13:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/03/05 17:44:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/05 17:44:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: NPGameWebStarter (Enabled) = C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\O(wner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/05/17 21:19:23 | 000,442,912 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   	localhost
O1 - Hosts: ::1         	localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 15219 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [Akamai NetSession Interface] C:\Users\O(wner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default File not found
O4 - Startup: C:\Users\O(wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31605AD6-16B8-409C-A095-E64AFC3FCE3D}: DhcpNameServer = 70.28.245.255 204.101.237.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1625B52-AB65-4B47-A8B5-B34618929125}: DhcpNameServer = 10.0.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\avldr: DllName - (avldr64.dll) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 23:54:13 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/07 01:04:31 | 000,000,000 | ---D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2004/09/26 21:24:38 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4846c4e3-8156-11df-a94f-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{4846c4e3-8156-11df-a94f-00251187aeab}\Shell\AutoRun\command - "" = J:\Install.exe
O33 - MountPoints2\{5b1cf7a9-ce89-11de-aa9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5b1cf7a9-ce89-11de-aa9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{f56de313-f4a8-11de-8071-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{f56de313-f4a8-11de-8071-00251187aeab}\Shell\AutoRun\command - "" = J:\autorun.exe -auto
O33 - MountPoints2\{f56de32b-f4a8-11de-8071-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{f56de32b-f4a8-11de-8071-00251187aeab}\Shell\AutoRun\command - "" = K:\EN_Fallout_3_DLC.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/28 23:37:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\O(wner\Desktop\aswMBR.exe
[2012/05/28 23:09:37 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{693B30B0-8053-4CCD-BED0-E1B3519D6B4B}
[2012/05/23 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{3CF8753E-EB7C-4D7F-870C-88B638F4B18A}
[2012/05/23 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F5D8ADE8-1C10-44DC-9CA1-8E26695B8E89}
[2012/05/21 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{D1281D15-67B5-472C-B722-20B3B5B5744A}
[2012/05/21 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{9C48E31B-BE91-4D20-A37E-D6D0AAEEE960}
[2012/05/21 18:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/21 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/20 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Desktop\Blacklight Retribution
[2012/05/20 15:43:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
[2012/05/20 12:43:50 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{9C03E7D4-0CF5-4893-AB80-C552E0D7A812}
[2012/05/20 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{5A0BDA2C-CB69-4C13-B94C-D5F8DFBC7CE6}
[2012/05/19 14:25:15 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{6DF4016D-ADC1-4D27-9533-9C2C34CD17DD}
[2012/05/19 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F73C4588-4720-4598-8C29-2C5CC4F37C57}
[2012/05/18 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F2807430-78ED-46E5-BB64-8FE7D111A2D3}
[2012/05/18 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{59D0B2A9-BD86-4DE1-B292-69DAB6D976D3}
[2012/05/18 16:35:19 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{6A940B3C-228D-490B-9B55-B8D24298DC8E}
[2012/05/18 05:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 05:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/17 19:10:33 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{4F188177-8A05-4505-ADF5-05900C5C0800}
[2012/05/16 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Roaming\NVIDIA
[2012/05/16 20:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/16 20:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/05/16 20:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/16 20:06:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/16 20:06:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/16 20:05:52 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/16 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{5A60B7AE-363F-4095-83FC-6E079BB963CE}
[2012/05/16 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{47C28517-C3C3-413F-BB41-8FDD41B479AB}
[2012/05/16 19:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/05/16 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{7225A80F-198E-4355-839B-0F778AB6C505}
[2012/05/15 21:57:39 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/15 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{16212783-1848-4E1C-93B0-F6648A60DC34}
[2012/05/15 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{BEC451F9-2FB3-4875-A1D6-FC6668A6F89D}
[2012/05/15 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\28050
[2012/05/15 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Documents\ALI213
[2012/05/15 18:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/05/15 18:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2012/05/15 17:04:42 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{C6D275E8-DBE4-421E-B408-544678288F5B}
[2012/05/14 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{2C8D775D-3B62-4349-93A8-DAE6E709B457}
[2012/05/14 22:10:08 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista
[2012/05/14 22:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista
[2012/05/14 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{622462DC-1E35-4574-8C79-099B1AB7232F}
[2012/05/14 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{B139E4A0-C447-4641-8570-B22B091A4C02}
[2012/05/14 17:57:01 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{89C9CFB7-7FC2-4447-BE10-0472264329C7}
[2012/05/14 17:18:20 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Documents\The Lord of the Rings Online
[2012/05/14 17:18:20 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\The Lord of the Rings Online
[2012/05/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\Turbine
[2012/05/14 03:02:29 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\ApplicationHistory
[2012/05/14 03:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/05/14 03:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012/05/14 02:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012/05/13 17:12:27 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{44EC5741-4346-4F9B-A4AB-A58F5873D3A4}
[2012/05/13 17:12:02 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{44EF47F0-57D6-4CF8-BA9A-BA4070571CF9}
[2012/04/30 11:49:21 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{45B2DD22-AA69-42BA-8BD6-56EBDEEF34D0}
[2012/04/29 15:17:24 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{2EC1D4CF-7E07-4EDA-B098-3E89BC24B9C6}
[2012/04/29 15:16:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{C132F533-DDFF-451E-AAF9-0536BC09974B}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/29 12:44:33 | 000,000,512 | ---- | M] () -- C:\Users\O(wner\Desktop\MBR.dat
[2012/05/29 12:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 09:00:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - O(wner - Full System Scan.job
[2012/05/28 23:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 23:37:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\O(wner\Desktop\aswMBR.exe
[2012/05/28 23:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 23:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 23:14:01 | 000,802,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 23:14:01 | 000,679,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 23:14:01 | 000,132,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 23:08:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/05/28 23:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 23:08:18 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 21:45:38 | 000,002,309 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 18:05:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/21 18:05:02 | 000,807,882 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/20 22:59:09 | 000,000,482 | ---- | M] () -- C:\Users\O(wner\Desktop\Resume Download of Blacklight Retribution.url
[2012/05/20 15:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
[2012/05/19 14:40:51 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/19 00:47:13 | 000,000,222 | ---- | M] () -- C:\Users\O(wner\Desktop\Super Monday Night Combat.url
[2012/05/19 00:43:16 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 00:40:54 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/05/19 00:40:54 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/05/19 00:40:54 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Global Agenda Live.lnk
[2012/05/17 21:19:23 | 000,442,912 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/16 21:05:45 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/16 21:05:45 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/15 22:13:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/05/15 22:13:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/15 18:50:54 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2012/05/15 18:21:09 | 000,007,603 | ---- | M] () -- C:\Users\O(wner\AppData\Local\Resmon.ResmonCfg
[2012/05/14 16:41:12 | 000,000,094 | ---- | M] () -- C:\Users\O(wner\AppData\Local\fusioncache.dat
[2012/05/14 16:27:11 | 000,365,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/14 09:00:00 | 000,000,670 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/05/14 03:00:35 | 000,002,242 | ---- | M] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Lord of the Rings Online.lnk
[2012/05/14 03:00:35 | 000,002,218 | ---- | M] () -- C:\Users\O(wner\Desktop\The Lord of the Rings Online.lnk
[2012/05/13 20:53:28 | 000,000,187 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2012/05/13 20:53:22 | 000,002,052 | ---- | M] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2012/05/13 20:53:21 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2012/05/13 19:02:01 | 000,007,597 | ---- | M] () -- C:\Windows\WinInit.Ini
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/29 12:44:33 | 000,000,512 | ---- | C] () -- C:\Users\O(wner\Desktop\MBR.dat
[2012/05/21 18:05:11 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/21 18:05:05 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/20 22:59:09 | 000,000,482 | ---- | C] () -- C:\Users\O(wner\Desktop\Resume Download of Blacklight Retribution.url
[2012/05/19 00:47:13 | 000,000,222 | ---- | C] () -- C:\Users\O(wner\Desktop\Super Monday Night Combat.url
[2012/05/19 00:43:16 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 00:40:54 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/05/19 00:40:54 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/05/19 00:40:54 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Global Agenda Live.lnk
[2012/05/16 20:11:41 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/16 20:06:39 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 18:50:54 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2012/05/14 16:41:12 | 000,000,094 | ---- | C] () -- C:\Users\O(wner\AppData\Local\fusioncache.dat
[2012/05/14 03:00:35 | 000,002,242 | ---- | C] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Lord of the Rings Online.lnk
[2012/05/14 03:00:35 | 000,002,218 | ---- | C] () -- C:\Users\O(wner\Desktop\The Lord of the Rings Online.lnk
[2012/05/13 20:53:26 | 000,000,187 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2012/05/13 20:53:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/14 20:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 20:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/21 00:24:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/28 01:15:42 | 000,000,008 | -HS- | C] () -- C:\Users\O(wner\AppData\Roaming\date
[2011/07/28 01:15:41 | 000,000,002 | -HS- | C] () -- C:\Users\O(wner\AppData\Roaming\evf6
[2011/01/15 03:26:52 | 000,003,584 | ---- | C] () -- C:\Users\O(wner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 03:14:47 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/12/18 03:14:47 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/28 23:30:07 | 000,013,734 | ---- | C] () -- C:\Users\O(wner\AppData\Roaming\UserTile.png
[2010/10/08 15:34:54 | 000,807,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/26 23:27:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/09/13 00:04:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/16 23:56:28 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/03 23:36:30 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/10/15 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\.minecraft
[2011/01/15 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\BearShare
[2010/12/18 03:27:04 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\BugTrap Console Test108
[2011/05/26 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Canneverbe Limited
[2010/01/01 14:05:08 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DAEMON Tools Lite
[2011/04/02 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DarksporeData
[2010/04/07 00:13:56 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DNA
[2010/02/23 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Downloaded Installations
[2011/12/13 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\FrostWire
[2010/01/01 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\FUEL Demo
[2011/07/16 00:41:04 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Hi-Rez Studios
[2012/05/13 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\ijjigame
[2010/11/07 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\LimeWire
[2010/12/18 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\LolClient
[2010/04/21 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Mount&Blade Warband
[2011/01/15 03:26:24 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\MusicNet
[2010/09/05 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Need for Speed World
[2011/04/17 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\OpenOffice.org
[2011/07/28 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Origin
[2010/02/17 23:54:13 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Panda Security
[2011/05/07 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\PunkBuster
[2012/02/22 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\redsn0w
[2011/02/05 02:09:24 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\RIFT
[2010/02/21 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\runic games
[2012/02/22 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\SystemRequirementsLab
[2010/12/01 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Template
[2010/04/25 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\The Creative Assembly
[2010/02/23 20:58:44 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Unity
[2012/05/15 05:45:28 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\uTorrent
[2010/10/11 01:09:10 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\W
[2010/10/11 01:04:52 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\wargaming.net
[2010/11/18 18:21:29 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Windows Live Writer
[2010/04/13 00:42:28 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\ZombieDriver
[2012/05/14 09:00:00 | 000,000,670 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/06 02:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\Basic clean-up.job
[2012/05/16 19:14:57 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{31605AD6-16B8-409C-A095-E64AFC3FCE3D}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1625B52-AB65-4B47-A8B5-B34618929125}]
"NameServerList" =  [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 05 01 01 01 00 01 04 01 03 01 08 01 06 01 02  [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
 
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: OWNER-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   GV-N550_11   CDFS   DVD-ROM     1075 MB  Healthy
  Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C   Gateway      NTFS   Partition    916 GB  Healthy    Boot
  Volume 3         PQSERVICE    NTFS   Partition     15 GB  Healthy    Hidden
  Volume 4     E                       Removable       0 B  No Media
  Volume 5     F                       Removable       0 B  No Media
  Volume 6     G                       Removable       0 B  No Media
  Volume 7     H                       Removable       0 B  No Media
  Volume 8     I                       Removable       0 B  No Media
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

Edited by Pizzatrooper, 29 May 2012 - 12:59 PM.

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
I am posting this log without a code box. Please post like this in the future ;)


OTL logfile created on: 29/05/2012 12:50:37 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\O(wner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 67.53% Memory free
16.00 Gb Paging File | 13.13 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 151.00 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive D: | 1.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: O(wner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 15:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
PRC - [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/15 22:13:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\O(wner\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/29 18:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 15:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 17:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 05:40:34 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/14 16:28:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/14 16:28:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/14 16:28:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 16:28:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 16:28:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 16:27:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/11/19 16:39:03 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/12 17:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 17:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/25 21:04:53 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/19 00:47:51 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/18 05:40:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 22:13:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/05 13:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 18:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/30 10:08:31 | 003,673,416 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 13:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 07:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 06:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 09:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/06/24 15:48:26 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/24 15:42:41 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/29 12:33:14 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/20 15:22:54 | 000,289,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/08/09 15:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/04 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 20:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011/11/24 17:44:44 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/24 21:46:50 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...15v1m5k48j1r289
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...15v1m5k48j1r289
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...15v1m5k48j1r289
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...15v1m5k48j1r289
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACGW_enCA360
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{9B524586-101F-4485-8A48-FA85EBA5AF07}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "WebSearch+"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\O(wner\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\O(wner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 05:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/19 14:40:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\O(wner\Program Files (x86)\DNA

[2010/03/28 17:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions
[2010/03/01 21:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/03/28 17:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/05/13 19:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions
[2010/01/29 01:22:04 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2011/04/18 23:54:10 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2012/05/13 19:50:04 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\O(wner\AppData\Roaming\mozilla\Firefox\Profiles\ki5slr9j.default\extensions\[email protected]
[2009/12/29 12:34:36 | 000,002,055 | ---- | M] () -- C:\Users\O(wner\AppData\Roaming\Mozilla\Firefox\Profiles\ki5slr9j.default\searchplugins\daemon-search.xml
[2012/05/18 05:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/08 19:26:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/05/18 05:40:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/09 23:14:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/30 13:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/03/05 17:44:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/05 17:44:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: NPGameWebStarter (Enabled) = C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\O(wner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\O(wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/17 21:19:23 | 000,442,912 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 15219 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [Akamai NetSession Interface] C:\Users\O(wner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-752240563-1020075330-1848928621-1007..\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default File not found
O4 - Startup: C:\Users\O(wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31605AD6-16B8-409C-A095-E64AFC3FCE3D}: DhcpNameServer = 70.28.245.255 204.101.237.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1625B52-AB65-4B47-A8B5-B34618929125}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 23:54:13 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/07 01:04:31 | 000,000,000 | ---D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2004/09/26 21:24:38 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4846c4e3-8156-11df-a94f-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{4846c4e3-8156-11df-a94f-00251187aeab}\Shell\AutoRun\command - "" = J:\Install.exe
O33 - MountPoints2\{5b1cf7a9-ce89-11de-aa9f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5b1cf7a9-ce89-11de-aa9f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{f56de313-f4a8-11de-8071-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{f56de313-f4a8-11de-8071-00251187aeab}\Shell\AutoRun\command - "" = J:\autorun.exe -auto
O33 - MountPoints2\{f56de32b-f4a8-11de-8071-00251187aeab}\Shell - "" = AutoRun
O33 - MountPoints2\{f56de32b-f4a8-11de-8071-00251187aeab}\Shell\AutoRun\command - "" = K:\EN_Fallout_3_DLC.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 23:37:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\O(wner\Desktop\aswMBR.exe
[2012/05/28 23:09:37 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{693B30B0-8053-4CCD-BED0-E1B3519D6B4B}
[2012/05/23 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{3CF8753E-EB7C-4D7F-870C-88B638F4B18A}
[2012/05/23 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F5D8ADE8-1C10-44DC-9CA1-8E26695B8E89}
[2012/05/21 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{D1281D15-67B5-472C-B722-20B3B5B5744A}
[2012/05/21 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{9C48E31B-BE91-4D20-A37E-D6D0AAEEE960}
[2012/05/21 18:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/21 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/20 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Desktop\Blacklight Retribution
[2012/05/20 15:43:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
[2012/05/20 12:43:50 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{9C03E7D4-0CF5-4893-AB80-C552E0D7A812}
[2012/05/20 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{5A0BDA2C-CB69-4C13-B94C-D5F8DFBC7CE6}
[2012/05/19 14:25:15 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{6DF4016D-ADC1-4D27-9533-9C2C34CD17DD}
[2012/05/19 14:25:06 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F73C4588-4720-4598-8C29-2C5CC4F37C57}
[2012/05/18 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{F2807430-78ED-46E5-BB64-8FE7D111A2D3}
[2012/05/18 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{59D0B2A9-BD86-4DE1-B292-69DAB6D976D3}
[2012/05/18 16:35:19 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{6A940B3C-228D-490B-9B55-B8D24298DC8E}
[2012/05/18 05:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/18 05:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/17 19:10:33 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{4F188177-8A05-4505-ADF5-05900C5C0800}
[2012/05/16 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Roaming\NVIDIA
[2012/05/16 20:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/05/16 20:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/05/16 20:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/16 20:06:39 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/16 20:06:39 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/16 20:05:52 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/16 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{5A60B7AE-363F-4095-83FC-6E079BB963CE}
[2012/05/16 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{47C28517-C3C3-413F-BB41-8FDD41B479AB}
[2012/05/16 19:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/05/16 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{7225A80F-198E-4355-839B-0F778AB6C505}
[2012/05/15 21:57:39 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/15 19:23:49 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{16212783-1848-4E1C-93B0-F6648A60DC34}
[2012/05/15 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{BEC451F9-2FB3-4875-A1D6-FC6668A6F89D}
[2012/05/15 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\28050
[2012/05/15 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Documents\ALI213
[2012/05/15 18:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/05/15 18:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix
[2012/05/15 17:04:42 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{C6D275E8-DBE4-421E-B408-544678288F5B}
[2012/05/14 22:17:39 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{2C8D775D-3B62-4349-93A8-DAE6E709B457}
[2012/05/14 22:10:08 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista
[2012/05/14 22:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diamond Multimedia 11.8 2400-6900 PCIe Win7Vista
[2012/05/14 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{622462DC-1E35-4574-8C79-099B1AB7232F}
[2012/05/14 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{B139E4A0-C447-4641-8570-B22B091A4C02}
[2012/05/14 17:57:01 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{89C9CFB7-7FC2-4447-BE10-0472264329C7}
[2012/05/14 17:18:20 | 000,000,000 | ---D | C] -- C:\Users\O(wner\Documents\The Lord of the Rings Online
[2012/05/14 17:18:20 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\The Lord of the Rings Online
[2012/05/14 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\Turbine
[2012/05/14 03:02:29 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\ApplicationHistory
[2012/05/14 03:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/05/14 03:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2012/05/14 02:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turbine
[2012/05/13 17:12:27 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{44EC5741-4346-4F9B-A4AB-A58F5873D3A4}
[2012/05/13 17:12:02 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{44EF47F0-57D6-4CF8-BA9A-BA4070571CF9}
[2012/04/30 11:49:21 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{45B2DD22-AA69-42BA-8BD6-56EBDEEF34D0}
[2012/04/29 15:17:24 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{2EC1D4CF-7E07-4EDA-B098-3E89BC24B9C6}
[2012/04/29 15:16:43 | 000,000,000 | ---D | C] -- C:\Users\O(wner\AppData\Local\{C132F533-DDFF-451E-AAF9-0536BC09974B}
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/29 12:44:33 | 000,000,512 | ---- | M] () -- C:\Users\O(wner\Desktop\MBR.dat
[2012/05/29 12:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 09:00:00 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - O(wner - Full System Scan.job
[2012/05/28 23:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 23:37:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\O(wner\Desktop\aswMBR.exe
[2012/05/28 23:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 23:17:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 23:14:01 | 000,802,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 23:14:01 | 000,679,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 23:14:01 | 000,132,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 23:08:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/05/28 23:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 23:08:18 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 21:45:38 | 000,002,309 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 18:05:11 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/21 18:05:02 | 000,807,882 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/20 22:59:09 | 000,000,482 | ---- | M] () -- C:\Users\O(wner\Desktop\Resume Download of Blacklight Retribution.url
[2012/05/20 15:43:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\O(wner\Desktop\OTL.exe
[2012/05/19 14:40:51 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/19 00:47:13 | 000,000,222 | ---- | M] () -- C:\Users\O(wner\Desktop\Super Monday Night Combat.url
[2012/05/19 00:43:16 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 00:40:54 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/05/19 00:40:54 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/05/19 00:40:54 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\Global Agenda Live.lnk
[2012/05/17 21:19:23 | 000,442,912 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/16 21:05:45 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/05/16 21:05:45 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/15 22:13:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/05/15 22:13:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/15 18:50:54 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2012/05/15 18:21:09 | 000,007,603 | ---- | M] () -- C:\Users\O(wner\AppData\Local\Resmon.ResmonCfg
[2012/05/14 16:41:12 | 000,000,094 | ---- | M] () -- C:\Users\O(wner\AppData\Local\fusioncache.dat
[2012/05/14 16:27:11 | 000,365,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/14 09:00:00 | 000,000,670 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/05/14 03:00:35 | 000,002,242 | ---- | M] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Lord of the Rings Online.lnk
[2012/05/14 03:00:35 | 000,002,218 | ---- | M] () -- C:\Users\O(wner\Desktop\The Lord of the Rings Online.lnk
[2012/05/13 20:53:28 | 000,000,187 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2012/05/13 20:53:22 | 000,002,052 | ---- | M] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2012/05/13 20:53:21 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2012/05/13 19:02:01 | 000,007,597 | ---- | M] () -- C:\Windows\WinInit.Ini
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/29 12:44:33 | 000,000,512 | ---- | C] () -- C:\Users\O(wner\Desktop\MBR.dat
[2012/05/21 18:05:11 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/21 18:05:05 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/20 22:59:09 | 000,000,482 | ---- | C] () -- C:\Users\O(wner\Desktop\Resume Download of Blacklight Retribution.url
[2012/05/19 00:47:13 | 000,000,222 | ---- | C] () -- C:\Users\O(wner\Desktop\Super Monday Night Combat.url
[2012/05/19 00:43:16 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 00:40:54 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/05/19 00:40:54 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/05/19 00:40:54 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\Global Agenda Live.lnk
[2012/05/16 20:11:41 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/16 20:06:39 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 18:50:54 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
[2012/05/14 16:41:12 | 000,000,094 | ---- | C] () -- C:\Users\O(wner\AppData\Local\fusioncache.dat
[2012/05/14 03:00:35 | 000,002,242 | ---- | C] () -- C:\Users\O(wner\Application Data\Microsoft\Internet Explorer\Quick Launch\The Lord of the Rings Online.lnk
[2012/05/14 03:00:35 | 000,002,218 | ---- | C] () -- C:\Users\O(wner\Desktop\The Lord of the Rings Online.lnk
[2012/05/13 20:53:26 | 000,000,187 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2012/05/13 20:53:21 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/14 20:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 20:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/12/21 00:24:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/10/25 23:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/13 14:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/28 01:15:42 | 000,000,008 | -HS- | C] () -- C:\Users\O(wner\AppData\Roaming\date
[2011/07/28 01:15:41 | 000,000,002 | -HS- | C] () -- C:\Users\O(wner\AppData\Roaming\evf6
[2011/01/15 03:26:52 | 000,003,584 | ---- | C] () -- C:\Users\O(wner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/18 03:14:47 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/12/18 03:14:47 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/28 23:30:07 | 000,013,734 | ---- | C] () -- C:\Users\O(wner\AppData\Roaming\UserTile.png
[2010/10/08 15:34:54 | 000,807,882 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/26 23:27:43 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/09/13 00:04:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/06/16 23:56:28 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/03 23:36:30 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll

========== LOP Check ==========

[2011/10/15 15:37:40 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\.minecraft
[2011/01/15 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\BearShare
[2010/12/18 03:27:04 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\BugTrap Console Test108
[2011/05/26 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Canneverbe Limited
[2010/01/01 14:05:08 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DAEMON Tools Lite
[2011/04/02 20:04:01 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DarksporeData
[2010/04/07 00:13:56 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\DNA
[2010/02/23 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Downloaded Installations
[2011/12/13 14:16:35 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\FrostWire
[2010/01/01 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\FUEL Demo
[2011/07/16 00:41:04 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Hi-Rez Studios
[2012/05/13 20:53:52 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\ijjigame
[2010/11/07 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\LimeWire
[2010/12/18 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\LolClient
[2010/04/21 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Mount&Blade Warband
[2011/01/15 03:26:24 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\MusicNet
[2010/09/05 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Need for Speed World
[2011/04/17 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\OpenOffice.org
[2011/07/28 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Origin
[2010/02/17 23:54:13 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Panda Security
[2011/05/07 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\PunkBuster
[2012/02/22 21:47:08 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\redsn0w
[2011/02/05 02:09:24 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\RIFT
[2010/02/21 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\runic games
[2012/02/22 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\SystemRequirementsLab
[2010/12/01 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Template
[2010/04/25 16:19:48 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\The Creative Assembly
[2010/02/23 20:58:44 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Unity
[2012/05/15 05:45:28 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\uTorrent
[2010/10/11 01:09:10 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\W
[2010/10/11 01:04:52 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\wargaming.net
[2010/11/18 18:21:29 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\Windows Live Writer
[2010/04/13 00:42:28 | 000,000,000 | ---D | M] -- C:\Users\O(wner\AppData\Roaming\ZombieDriver
[2012/05/14 09:00:00 | 000,000,670 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/06 02:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\Basic clean-up.job
[2012/05/16 19:14:57 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{31605AD6-16B8-409C-A095-E64AFC3FCE3D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EA8713C9-52CC-42DD-A388-B7B0CCC5398B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F1625B52-AB65-4B47-A8B5-B34618929125}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 05 01 01 01 00 01 04 01 03 01 08 01 06 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/11/30 23:09:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/05/18 05:40:31 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/05/18 05:40:36 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 19:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/11/30 23:09:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/11/30 23:09:41 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: OWNER-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D   GV-N550_11   CDFS   DVD-ROM     1075 MB  Healthy
Volume 1         SYSTEM RESE  NTFS   Partition    100 MB  Healthy    System
Volume 2     C   Gateway      NTFS   Partition    916 GB  Healthy    Boot
Volume 3         PQSERVICE    NTFS   Partition     15 GB  Healthy    Hidden
Volume 4     E                       Removable       0 B  No Media
Volume 5     F                       Removable       0 B  No Media
Volume 6     G                       Removable       0 B  No Media
Volume 7     H                       Removable       0 B  No Media
Volume 8     I                       Removable       0 B  No Media

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >
  • 0

#8
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

10.0.1.1 Do you recognize this DHCP NameServer?


Step 2.

You have remnants of an Avast! AV install. Please download and run this tool in safe mode.


Step 3.

You have too many resident antispyware programs on your machine; they can conflict and slow your machine down as they fight one another.
Please uninstall SpyBot S & D and keep MalwareBytes'.


Step 4.

P2P Warning!:

IMPORTANT: I have noticed that there are signs of Bearshare, Frostwire, Limewire, Pando Networks, uTorrent, and BitTorrentDNA P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Bearshare, Frostwire, Limewire, Pando Networks, uTorrent, and BitTorrentDNA, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use any of them until your computer is cleaned.


Step 5.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster. The computer has installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

Right-click on pbsvc.exe and select Run as Administrator >> follow the prompts.

You may reinstall Punkbuster when I give the all clear if you so wish.


Step 6.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
    IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    FF - prefs.js..browser.search.selectedEngine: "WebSearch+"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    
    
    
    
    :files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 7.

Please let me know which programs you have removed.

Please post:

OTL fix log

Also give me an update on your computer issues.
  • 0

#9
Pizzatrooper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
So! First of all thank you once again for your determined and continued aid in this matter.

Step 1. I do not recognize that and I'm not even entirely sure what you are asking. Is it allowed on my computer?

Now I have completed everything up until step six, where I cannot access those options. It just has a bar to click that says start trial but when I do, it says that it's not available to my version. So I can't disable it to start with windows. What do you suggest I do?
  • 0

#10
CompCav

    Member 5k

  • Expert
  • 12,448 posts

"I do not recognize that and I'm not even entirely sure what you are asking. Is it allowed on my computer?"

I am researching it based on you not knowing about it so we will see.

"So I can't disable it to start with windows. What do you suggest I do?"

This is only if you have the trial or paid version. Ignore this part and go ahead with the OTL fix immediately below it. :thumbsup:
  • 0


#11
Pizzatrooper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
HKU\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "WebSearch+" removed from browser.search.selectedEngine
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\O(wner\Desktop\cmd.bat deleted successfully.
C:\Users\O(wner\Desktop\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 57840 bytes
->Temporary Internet Files folder emptied: 33404 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: O(wner
->Temp folder emptied: 102621142 bytes
->Temporary Internet Files folder emptied: 101316809 bytes
->Java cache emptied: 21915735 bytes
->FireFox cache emptied: 54982357 bytes
->Google Chrome cache emptied: 7682672 bytes
->Flash cache emptied: 3444 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1272333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67624 bytes
RecycleBin emptied: 371186 bytes

Total Files Cleaned = 279.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.1 log created on 05302012_122201

Files\Folders moved on Reboot...
C:\Users\O(wner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


That's the report. I will test out a few things and try to see if I can tell if the issues are lessened or if anything has changed.
  • 0
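A fix log like the one in post #11 is normally checked by eye against the fix script that produced it. The check below is an added example, not part of the thread and not OTL's own code: it pairs every GUID named in the script with the outcomes the log reports for it. The script and log excerpts are copied from the posts above, the outcome phrases are assumed to be the ones seen in that log, and the `{11111111-...}` entry is constructed to show the failure case.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Outcome phrases exactly as they appear in the fix log posted in this thread.
REMOVED = ("deleted successfully", "moved successfully")
ABSENT = "not found"

# Excerpt of the :OTL fix script from post #8 (lines copied verbatim).
FIX_SCRIPT = r"""
IE - HKU\S-1-5-21-752240563-1020075330-1848928621-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
"""

# Excerpt of the fix log from post #11 (lines copied verbatim).
FIX_LOG = r"""
Registry key HKEY_USERS\S-1-5-21-752240563-1020075330-1848928621-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
"""

# Constructed line (not from the thread): a script entry the log never mentions.
CONSTRUCTED_EXTRA = (
    r"O3 - HKLM\..\Toolbar: (no name) - "
    r"{11111111-2222-3333-4444-555555555555} - No CLSID value found."
)


def guids(text):
    """Return the GUIDs in text, upper-cased (registry GUIDs are case-insensitive)."""
    return {g.upper() for g in GUID_RE.findall(text)}


def log_outcomes(fix_log):
    """Map each GUID in the log to the set of outcomes reported for it."""
    seen = defaultdict(set)
    for line in fix_log.splitlines():
        if any(phrase in line for phrase in REMOVED):
            outcome = "removed"
        elif ABSENT in line:
            outcome = "absent"
        else:
            continue  # banner lines such as "Starting removal of ActiveX control"
        for guid in guids(line):
            seen[guid].add(outcome)
    return seen


def reconcile(fix_script, fix_log):
    """Return {guid: status} for every GUID named in the fix script."""
    seen = log_outcomes(fix_log)
    report = {}
    for guid in sorted(guids(fix_script)):
        outcomes = seen.get(guid, set())
        if "removed" in outcomes:
            report[guid] = "removed"
        elif outcomes:
            # Only "not found" lines: the entry was already gone, nothing changed.
            report[guid] = "nothing removed"
        else:
            # The tool never reported on this entry; re-check it by hand.
            report[guid] = "missing from log"
    return report


if __name__ == "__main__":
    script = FIX_SCRIPT + "\n" + CONSTRUCTED_EXTRA
    for guid, status in reconcile(script, FIX_LOG).items():
        print(f"{status:17} {guid}")
```

A "not found" line next to a "deleted successfully" line for the same GUID is expected here, because the script itself flagged those entries with "No CLSID value found".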

#12
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks,

I will research the issue on DNS and wait for your response to prepare the next steps.

Regards,

CompCav
  • 0

#13
Pizzatrooper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The issues seem to have disappeared. Since it has always been random I can't be sure, but I have done a couple of things that usually trigger it and so far so good. I will continue to try and get it to happen, but as far as I know, it seems rectified.
  • 0

#14
CompCav

    Member 5k

  • Expert
  • 12,448 posts
I am glad it is working well. We still have a few more steps in the process to ensure it is clean and security files are all updated.




Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#15
Pizzatrooper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
O(wner :: OWNER-PC [administrator]

Protection: Enabled

31/05/2012 12:04:59 PM
mbam-log-2012-05-31 (12-04-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250237
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



The ESET Online scan log


C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Users\O(wner\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\O(wner\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\O(wner\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\O(wner\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.9.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\O(wner\Downloads\Pscychonauts\psychonauts.iso a variant of Win32/GameHack.O application deleted - quarantined


Security Check Log

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


I will give you an update on the performance of my computer tomorrow.

Thanks :)
  • 0





